General

  • Target

    a7850de3122509e3528e71705def837359e1bb9678c9876442e852759ba5d735

  • Size

    2.9MB

  • Sample

    241121-wanzbsymdq

  • MD5

    72378a6fc2cca85e08616b5c9396df67

  • SHA1

    589c3789dd94017ba9f4bed50969405d9d303c91

  • SHA256

    a7850de3122509e3528e71705def837359e1bb9678c9876442e852759ba5d735

  • SHA512

    b58558deca75257e7f6aefbf887f8799bdaa4ef51b50f9d6b9cc13bf9d635f688213162ad1c7e703f690142947b9b130c5d448c08b7c70179ef2ef7cf26beb4f

  • SSDEEP

    49152:CAERMgJp9NfWPHu2oAYf69x3z7OVM13whXJ8PRoaPx5Q:C7MgJpLfOu2oL69NQMVwh58PmaPs

Malware Config

Extracted

Family

lumma

C2

https://scriptyprefej.store

https://navygenerayk.store

https://founpiuer.store

https://necklacedmny.store

https://thumbystriw.store

https://fadehairucw.store

https://crisiwarny.store

https://presticitpo.store

Targets

    • Target

      a7850de3122509e3528e71705def837359e1bb9678c9876442e852759ba5d735

    • Size

      2.9MB

    • MD5

      72378a6fc2cca85e08616b5c9396df67

    • SHA1

      589c3789dd94017ba9f4bed50969405d9d303c91

    • SHA256

      a7850de3122509e3528e71705def837359e1bb9678c9876442e852759ba5d735

    • SHA512

      b58558deca75257e7f6aefbf887f8799bdaa4ef51b50f9d6b9cc13bf9d635f688213162ad1c7e703f690142947b9b130c5d448c08b7c70179ef2ef7cf26beb4f

    • SSDEEP

      49152:CAERMgJp9NfWPHu2oAYf69x3z7OVM13whXJ8PRoaPx5Q:C7MgJpLfOu2oL69NQMVwh58PmaPs

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Lumma family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks