General
-
Target
f3739ff53879b58f01646f7d49bba3c440243a9d0e9c21c8220d9760f71ec9ac
-
Size
2.8MB
-
Sample
241120-qsqyraxhnj
-
MD5
693ece77c0e3fbc32d18393b31bc55a2
-
SHA1
7608b41ce0d5a18267ce2093134e636d3dca10e9
-
SHA256
f3739ff53879b58f01646f7d49bba3c440243a9d0e9c21c8220d9760f71ec9ac
-
SHA512
f748856e303eba664d36b9477bb667ad49d95a4e2ee2a0f42fabb49aeba2a53bf08865599a445c9cd4064165001d428d077693269e4e0888521c178cb51d7d9d
-
SSDEEP
49152:7itUHkCPzODisHOyIp7U7ychZsO4miN0aMgl6g5xboqIp42E:7iiHkCPzOJJIp74yQZsOZ49MglPfbg22
Malware Config
Extracted
lumma
https://scriptyprefej.store
https://navygenerayk.store
https://founpiuer.store
https://necklacedmny.store
https://thumbystriw.store
https://fadehairucw.store
https://crisiwarny.store
https://presticitpo.store
Targets
-
-
Target
f3739ff53879b58f01646f7d49bba3c440243a9d0e9c21c8220d9760f71ec9ac
-
Size
2.8MB
-
MD5
693ece77c0e3fbc32d18393b31bc55a2
-
SHA1
7608b41ce0d5a18267ce2093134e636d3dca10e9
-
SHA256
f3739ff53879b58f01646f7d49bba3c440243a9d0e9c21c8220d9760f71ec9ac
-
SHA512
f748856e303eba664d36b9477bb667ad49d95a4e2ee2a0f42fabb49aeba2a53bf08865599a445c9cd4064165001d428d077693269e4e0888521c178cb51d7d9d
-
SSDEEP
49152:7itUHkCPzODisHOyIp7U7ychZsO4miN0aMgl6g5xboqIp42E:7iiHkCPzOJJIp74yQZsOZ49MglPfbg22
Score10/10-
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
-
Lumma family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-