General
Target: e1a0807d2313553a9e5c3997162f9228d9d88bb171bf90c653b15d5195fef36e
Size: 2.9MB
Sample: 241121-y152mswqct
MD5: c9026d15b750cd2d99e938c9a16c0fea
SHA1: ac28095ed9fd5546cb2b71e54a6cbaa8ba5fd129
SHA256: e1a0807d2313553a9e5c3997162f9228d9d88bb171bf90c653b15d5195fef36e
SHA512: af64ad1a5c759a9686f7c689042abac150b23f035f900f181f87c457c82bf359ee36801f9086337f65635020ce25ae6e35620482381e1b25c1282f6d8eccfeda
SSDEEP: 49152:vmnF5R7XF3eOel6chopM1ei57l5pS9fkyNcFvr:vmnB7XF3eOel6chopM1ei29ftNA
Static task: static1
Behavioral task: behavioral1
Sample: e1a0807d2313553a9e5c3997162f9228d9d88bb171bf90c653b15d5195fef36e.exe
Resource: win7-20240903-en
Malware Config
Extracted family: lumma
https://scriptyprefej.store
https://navygenerayk.store
https://founpiuer.store
https://necklacedmny.store
https://thumbystriw.store
https://fadehairucw.store
https://crisiwarny.store
https://presticitpo.store
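The extracted configuration above is the most actionable part of this report: eight C2 domains plus the file hashes. Below is an added example, not part of the sandbox report and not the sandbox's own code, that turns those indicators into a small matcher. It checks DNS/proxy log lines for the C2 hosts (exact host or subdomain, never a substring, so look-alike registrations are not flagged) and verifies a file against the report's MD5/SHA1/SHA256. The log lines are constructed for the example; their format is an assumption.

```python
"""Match the Lumma C2 hosts and file hashes from this report against log lines.

Added example for this report page; the log format below is constructed, not
taken from any real sensor.
"""
import hashlib
import re
from urllib.parse import urlsplit

# Indicators copied from the report's extracted configuration.
LUMMA_C2 = [
    "https://scriptyprefej.store",
    "https://navygenerayk.store",
    "https://founpiuer.store",
    "https://necklacedmny.store",
    "https://thumbystriw.store",
    "https://fadehairucw.store",
    "https://crisiwarny.store",
    "https://presticitpo.store",
]

# File hashes copied from the report's General section.
SAMPLE_HASHES = {
    "md5": "c9026d15b750cd2d99e938c9a16c0fea",
    "sha1": "ac28095ed9fd5546cb2b71e54a6cbaa8ba5fd129",
    "sha256": "e1a0807d2313553a9e5c3997162f9228d9d88bb171bf90c653b15d5195fef36e",
}

# Candidate hostnames inside a log line: optional scheme, then a dotted name.
HOST_RE = re.compile(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", re.I)


def c2_hosts(urls):
    """Reduce the configured C2 URLs to a set of lower-case hostnames."""
    return {urlsplit(u).hostname.lower() for u in urls}


def match_log_line(line, hosts):
    """Return the C2 host a line references (exact host or a subdomain of it), else None."""
    for cand in HOST_RE.findall(line):
        cand = cand.lower().rstrip(".")
        for host in hosts:
            if cand == host or cand.endswith("." + host):
                return host
    return None


def scan(lines, hosts):
    """Return (line_no, matched_host, line) for every line that references a C2 host."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        host = match_log_line(line, hosts)
        if host:
            hits.append((line_no, host, line))
    return hits


def hash_file_bytes(data):
    """Digest a file's bytes with the same algorithms the report lists."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def matches_sample(data):
    """True only if every listed hash of `data` equals the report's value."""
    digests = hash_file_bytes(data)
    return all(digests[algo] == value for algo, value in SAMPLE_HASHES.items())


# Constructed log lines (not real traffic): lines 1 and 2 should hit, 3 and 4 should not.
SAMPLE_LOG = [
    "2024-11-21T10:15:02Z dns client=10.0.0.5 qname=necklacedmny.store type=A",
    "2024-11-21T10:15:03Z proxy client=10.0.0.5 url=https://cdn.founpiuer.store/api status=200",
    "2024-11-21T10:15:04Z dns client=10.0.0.7 qname=update.example.com type=A",
    "2024-11-21T10:15:05Z proxy client=10.0.0.9 url=https://notfadehairucw.store/ status=404",
]

if __name__ == "__main__":
    for line_no, host, line in scan(SAMPLE_LOG, c2_hosts(LUMMA_C2)):
        print(f"line {line_no}: {host} <- {line}")
```

The hostname comparison is deliberately suffix-aware: a Lumma build rotating to a subdomain of a configured domain still matches, while `notfadehairucw.store` does not. Hash matching is exact, so a repacked build of the same family will not match; for that, pivot on the SSDEEP value or the C2 set instead.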
Targets
Target: e1a0807d2313553a9e5c3997162f9228d9d88bb171bf90c653b15d5195fef36e
Lumma family
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
Suspicious use of NtSetInformationThreadHideFromDebugger
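The four anti-analysis signatures above (VirtualBox via ACPI, BIOS information, Wine, and the NtSetInformationThread ThreadHideFromDebugger call) are what a detection engineer would want to reproduce on their own telemetry. The block below is an added example, not the sandbox's signature code, that classifies constructed registry-read and API-call events into those signature names. The event shape and the registry paths used for each rule are assumptions for illustration (they are the locations commonly associated with these checks, not paths the report states); ThreadHideFromDebugger is information class 0x11 of NtSetInformationThread.

```python
"""Classify constructed host telemetry into the anti-analysis signatures this report lists.

Added example; event format and registry paths are assumptions, not taken from the report.
"""

# Signature names as they appear in the report.
SIG_VBOX = "Identifies VirtualBox via ACPI registry values"
SIG_BIOS = "Checks BIOS information in registry"
SIG_WINE = "Identifies Wine through registry keys"
SIG_HIDE = "Suspicious use of NtSetInformationThreadHideFromDebugger"

# Assumed registry locations for each check (illustrative, normalised to short hive names).
ACPI_PREFIX = r"hklm\hardware\acpi"
BIOS_PREFIX = r"hklm\hardware\description\system"
BIOS_VALUES = {"systembiosversion", "videobiosversion", "systembiosdate", "systemmanufacturer"}
WINE_KEYS = (r"hkcu\software\wine", r"hklm\software\wine")

# NtSetInformationThread information class used to hide a thread from debuggers.
THREAD_HIDE_FROM_DEBUGGER = 0x11


def _norm(path):
    """Lower-case a registry path, unify separators and shorten hive names."""
    p = path.strip().lower().replace("/", "\\")
    for long_name, short_name in (("hkey_local_machine", "hklm"), ("hkey_current_user", "hkcu")):
        p = p.replace(long_name, short_name)
    return p.rstrip("\\")


def classify_event(ev):
    """Return the signature name one event triggers, or None if it is unremarkable."""
    if ev["kind"] == "api":
        if ev["name"] == "NtSetInformationThread" and ev.get("info_class") == THREAD_HIDE_FROM_DEBUGGER:
            return SIG_HIDE
        return None
    if ev["kind"] != "reg_read":
        return None
    key = _norm(ev["key"])
    value = (ev.get("value") or "").lower()
    # ACPI tables whose names carry the VirtualBox OEM id (e.g. VBOX__).
    if key.startswith(ACPI_PREFIX) and "vbox" in key + "\\" + value:
        return SIG_VBOX
    # BIOS vendor/version strings under the system description key.
    if key.startswith(BIOS_PREFIX) and value in BIOS_VALUES:
        return SIG_BIOS
    # The Wine key itself or anything below it.
    if any(key == w or key.startswith(w + "\\") for w in WINE_KEYS):
        return SIG_WINE
    return None


def summarize(events):
    """Map each triggered signature to the number of events that hit it."""
    hits = {}
    for ev in events:
        sig = classify_event(ev)
        if sig:
            hits[sig] = hits.get(sig, 0) + 1
    return hits


# Constructed telemetry (not a real trace). One benign registry read and one
# benign NtSetInformationThread call are included to show what is not flagged.
SAMPLE_EVENTS = [
    {"kind": "reg_read", "key": r"HKLM\HARDWARE\ACPI\DSDT\VBOX__", "value": None},
    {"kind": "reg_read", "key": r"HKLM\HARDWARE\DESCRIPTION\System", "value": "SystemBiosVersion"},
    {"kind": "reg_read", "key": r"HKLM\HARDWARE\DESCRIPTION\System", "value": "VideoBiosVersion"},
    {"kind": "reg_read", "key": r"HKEY_CURRENT_USER\Software\Wine", "value": None},
    {"kind": "reg_read", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "value": None},
    {"kind": "api", "name": "NtSetInformationThread", "info_class": 0x11},
    {"kind": "api", "name": "NtSetInformationThread", "info_class": 0x02},
]

if __name__ == "__main__":
    for sig, count in summarize(SAMPLE_EVENTS).items():
        print(f"{count}x {sig}")
```

Treat these as context signals rather than standalone alerts: installers and hardware-inventory agents legitimately read the BIOS and ACPI keys, so the useful rule is the combination of several of them in one process, as this report shows, together with the debugger-hiding call.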
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry: 1
Subvert Trust Controls: 1
Install Root Certificate: 1
Virtualization/Sandbox Evasion: 2