General

  • Target

    0077934422c43d40c3d013a087dc47921a80b0afa6ff27df16788b0f9ba5f42c

  • Size

    2.8MB

  • Sample

    241121-nhv4lswmeq

  • MD5

    1e2713791f4b57ee161ef33685c0f1ed

  • SHA1

    4c208910306a8ffed3a5e12635d5b062b5c0ccdf

  • SHA256

    0077934422c43d40c3d013a087dc47921a80b0afa6ff27df16788b0f9ba5f42c

  • SHA512

    b9ad7593dfd25ec2881797ae70069e4717e67dbe15a390c70ebfdbb271298eabea9cfa0c2a73187507f4d39a761f4f5b621a99832a8f180af502c43d143abc15

  • SSDEEP

    49152:TNuNeBOHsm6gpbhXoFqg9w2BQ2NPEnZiYI4ZNdT:TNuNeQb6cbhXoFqf2BQesn9I4p

Malware Config

Extracted

Family

lumma

C2

https://scriptyprefej.store

https://navygenerayk.store

https://founpiuer.store

https://necklacedmny.store

https://thumbystriw.store

https://fadehairucw.store

https://crisiwarny.store

https://presticitpo.store

Targets

    • Target

      0077934422c43d40c3d013a087dc47921a80b0afa6ff27df16788b0f9ba5f42c

    • Size

      2.8MB

    • MD5

      1e2713791f4b57ee161ef33685c0f1ed

    • SHA1

      4c208910306a8ffed3a5e12635d5b062b5c0ccdf

    • SHA256

      0077934422c43d40c3d013a087dc47921a80b0afa6ff27df16788b0f9ba5f42c

    • SHA512

      b9ad7593dfd25ec2881797ae70069e4717e67dbe15a390c70ebfdbb271298eabea9cfa0c2a73187507f4d39a761f4f5b621a99832a8f180af502c43d143abc15

    • SSDEEP

      49152:TNuNeBOHsm6gpbhXoFqg9w2BQ2NPEnZiYI4ZNdT:TNuNeQb6cbhXoFqf2BQesn9I4p

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Lumma family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks