General
-
Target
5f481a84688e02aa0dbb5bc3ecd52cb7360a59bad55934d729c2b92bac0258be
-
Size
2.9MB
-
Sample
241120-rcnzwsxdnf
-
MD5
bff27a37c46141834eb0cadc872c457f
-
SHA1
140c15847996d30a8894539b6b15d8be0eca06e0
-
SHA256
5f481a84688e02aa0dbb5bc3ecd52cb7360a59bad55934d729c2b92bac0258be
-
SHA512
f0d74ee493e675e9dffac06133f5d1ccad4a82f87002e0a74e3b6b35352b2b1c8008e608a10e7516bff0bccbe0e4063db99dc587dd0755810ea237c759820ea0
-
SSDEEP
49152:QOapfhpbq+Yqy3jkSsPcYu0oeme6NWsQCFDE5:QOaJrbq+dy3gSsP5ode6NzS
Malware Config
Extracted
lumma
https://scriptyprefej.store
https://navygenerayk.store
https://founpiuer.store
https://necklacedmny.store
https://thumbystriw.store
https://fadehairucw.store
https://crisiwarny.store
https://presticitpo.store
Targets
-
-
Target
5f481a84688e02aa0dbb5bc3ecd52cb7360a59bad55934d729c2b92bac0258be
-
Size
2.9MB
-
MD5
bff27a37c46141834eb0cadc872c457f
-
SHA1
140c15847996d30a8894539b6b15d8be0eca06e0
-
SHA256
5f481a84688e02aa0dbb5bc3ecd52cb7360a59bad55934d729c2b92bac0258be
-
SHA512
f0d74ee493e675e9dffac06133f5d1ccad4a82f87002e0a74e3b6b35352b2b1c8008e608a10e7516bff0bccbe0e4063db99dc587dd0755810ea237c759820ea0
-
SSDEEP
49152:QOapfhpbq+Yqy3jkSsPcYu0oeme6NWsQCFDE5:QOaJrbq+dy3gSsP5ode6NzS
Score10/10-
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
-
Lumma family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
1Subvert Trust Controls
1Install Root Certificate
1Virtualization/Sandbox Evasion
2