lumma | 07e2823c459c3ddba762be2557a932230380fb2bdc05e3054d17e9540304ddd4 | Triage

Sharing

General

Target

07e2823c459c3ddba762be2557a932230380fb2bdc05e3054d17e9540304ddd4
Size

2.8MB
Sample

241121-v7jv7symbr
MD5

9bdd2e49b89ef795727adeedc9a3ce1b
SHA1

382bfbd9f655a31941705360f13a301a59882b43
SHA256

07e2823c459c3ddba762be2557a932230380fb2bdc05e3054d17e9540304ddd4
SHA512

1ee50a19026cd3c4e3fdaafa56e0d273d02bbee623c4d146d89739515cd5fcd5d4cd1e1434001e57197d42c9051b3bc6782538e06edc67a5fd172e578ea5d6dd
SSDEEP

49152:u0KRFUmIs6iHdNv7G230Qn+FQ+fOOTGHEmtnLbM:u0mFUmxT9Nv7G230U+F7OOTGHF

Score

10^/10

lumma discovery evasion stealer

Malware Config

Extracted

Family

lumma

C2

https://scriptyprefej.store

https://navygenerayk.store

https://founpiuer.store

https://necklacedmny.store

https://thumbystriw.store

https://fadehairucw.store

https://crisiwarny.store

https://presticitpo.store

Targets

- Target
  
  07e2823c459c3ddba762be2557a932230380fb2bdc05e3054d17e9540304ddd4
- Size
  
  2.8MB
- MD5
  
  9bdd2e49b89ef795727adeedc9a3ce1b
- SHA1
  
  382bfbd9f655a31941705360f13a301a59882b43
- SHA256
  
  07e2823c459c3ddba762be2557a932230380fb2bdc05e3054d17e9540304ddd4
- SHA512
  
  1ee50a19026cd3c4e3fdaafa56e0d273d02bbee623c4d146d89739515cd5fcd5d4cd1e1434001e57197d42c9051b3bc6782538e06edc67a5fd172e578ea5d6dd
- SSDEEP
  
  49152:u0KRFUmIs6iHdNv7G230Qn+FQ+fOOTGHEmtnLbM:u0mFUmxT9Nv7G230U+F7OOTGHF
Score

10^/10

lumma discovery evasion stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoveryevasionstealer

behavioral2

lummadiscoveryevasionstealer