General
Target: file.exe
Size: 1.8MB
Sample: 241121-elsyzszalq
MD5: 2abf167c162f113d8d96e89224cbbe5d
SHA1: 9242e3859dd61870bfb277ff8406647ace1f44b5
SHA256: 64789098fe762f3a9459df93505475b24d01549e2fe5057522f8bad0b7f907e2
SHA512: 943806cfa245cb47b1bbc54675196993a81954b34229f7e1a8357fd748bcaae079f05782ece5bf11ea59e537e479ad7e2b61b89bfccec0ce586a32aabeba1a12
SSDEEP: 49152:mnQIIeuh6zC9mIDxP2qUTqCN0ofc8yr43cbM8hhQcnZ0e:moesTmINvdCNhE8ys2MFcnZ0
Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20241010-en
Malware Config
Extracted: lumma
Extracted: lumma
https://frogmen-smell.sbs/api
Targets
Target: file.exe
- Lumma family
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
Defense Evasion
- Modify Registry: 1
- Subvert Trust Controls: 1
- Install Root Certificate: 1
- Virtualization/Sandbox Evasion: 2