General
- Target: 010df829b95529730aa0840699e780b9176822dbefc24864ccc134a790043a28
- Size: 2.9MB
- Sample: 241120-qlayysxmdz
- MD5: 8280e9c803dff5258a0c452549b5953c
- SHA1: 27ebb62ff372ffe1de06eedd3b0e1c70b2d6b6a1
- SHA256: 010df829b95529730aa0840699e780b9176822dbefc24864ccc134a790043a28
- SHA512: a84ed79a370657385022a07e44988f3e7ebc9799ea658436ffc83a0040c258631e4db71a4c6d5d90d44ab6f375e75a8adef874a2cadbbcec9e2ff6560611b85b
- SSDEEP: 49152:6KTpAUwSS6eSNXM1dTPTLSoNTrR3LFG/yaRkz4sT:VTwSS6e2XM1tPTL3r9pzM
Static task: static1
Behavioral task: behavioral1
- Sample: 010df829b95529730aa0840699e780b9176822dbefc24864ccc134a790043a28.exe
- Resource: win7-20240903-en
Malware Config
Extracted: lumma
Targets
- Lumma family
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry. BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys. Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger