General
-
Target
f4ca8cc8cf400fa51bd89e100cdb438f5707fbaf148bacf27a2e4d9af8306188
-
Size
2.8MB
-
Sample
241121-n2wt9awngq
-
MD5
ce30c177c983f9a8ef192452d20075e8
-
SHA1
d9df14950e3f2759588644c5a94420195f0e23f0
-
SHA256
f4ca8cc8cf400fa51bd89e100cdb438f5707fbaf148bacf27a2e4d9af8306188
-
SHA512
915539371009416b0f93fd59fea695eb523d3ab8ec7481de4387d9b62eb6e9f4de44d56351d5859b6aac222bf8acbdd600e9457582ffa2478a794ebd008131aa
-
SSDEEP
24576:s7aSfEL0z8tIG2fcgrM3CafXGljwmZr5QCfuj7F6Nzpw/VENe4O8u4kmRBiki:sGVvZPyaf2ljPA7F6o4OGRBji
Malware Config
Extracted
lumma
https://scriptyprefej.store
https://navygenerayk.store
https://founpiuer.store
https://necklacedmny.store
https://thumbystriw.store
https://fadehairucw.store
https://crisiwarny.store
https://presticitpo.store
Targets
-
-
Target
f4ca8cc8cf400fa51bd89e100cdb438f5707fbaf148bacf27a2e4d9af8306188
-
Size
2.8MB
-
MD5
ce30c177c983f9a8ef192452d20075e8
-
SHA1
d9df14950e3f2759588644c5a94420195f0e23f0
-
SHA256
f4ca8cc8cf400fa51bd89e100cdb438f5707fbaf148bacf27a2e4d9af8306188
-
SHA512
915539371009416b0f93fd59fea695eb523d3ab8ec7481de4387d9b62eb6e9f4de44d56351d5859b6aac222bf8acbdd600e9457582ffa2478a794ebd008131aa
-
SSDEEP
24576:s7aSfEL0z8tIG2fcgrM3CafXGljwmZr5QCfuj7F6Nzpw/VENe4O8u4kmRBiki:sGVvZPyaf2ljPA7F6o4OGRBji
Score10/10-
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
-
Lumma family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
1Subvert Trust Controls
1Install Root Certificate
1Virtualization/Sandbox Evasion
2