General
-
Target
33a4f30902e46a8118225a95b4498a0b693c88e5bee6192d4a3129f5d59e9382
-
Size
2.9MB
-
Sample
241121-ypc7gswlcw
-
MD5
ba4acd66f5a624204d7e4935bcc7607b
-
SHA1
8e7459499a6c10a45ba0f3f1b1dbaf60d8e81b78
-
SHA256
33a4f30902e46a8118225a95b4498a0b693c88e5bee6192d4a3129f5d59e9382
-
SHA512
c454c42099ae659b197754222dcec5129489770dcd466f063bebd4fa316a488f827a9e06af353edc43ababe1b15a529c865518a051348c8100db301965eb20f0
-
SSDEEP
49152:cMhHKZENQ0Bh40PgLDmlEUofRp6g+AlqLAuYRQKP:TVKZENQ0/4OgLNpyMqEuYRQK
Malware Config
Extracted
lumma
https://scriptyprefej.store
https://navygenerayk.store
https://founpiuer.store
https://necklacedmny.store
https://thumbystriw.store
https://fadehairucw.store
https://crisiwarny.store
https://presticitpo.store
Targets
-
-
Target
33a4f30902e46a8118225a95b4498a0b693c88e5bee6192d4a3129f5d59e9382
-
Size
2.9MB
-
MD5
ba4acd66f5a624204d7e4935bcc7607b
-
SHA1
8e7459499a6c10a45ba0f3f1b1dbaf60d8e81b78
-
SHA256
33a4f30902e46a8118225a95b4498a0b693c88e5bee6192d4a3129f5d59e9382
-
SHA512
c454c42099ae659b197754222dcec5129489770dcd466f063bebd4fa316a488f827a9e06af353edc43ababe1b15a529c865518a051348c8100db301965eb20f0
-
SSDEEP
49152:cMhHKZENQ0Bh40PgLDmlEUofRp6g+AlqLAuYRQKP:TVKZENQ0/4OgLNpyMqEuYRQK
Score10/10-
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
-
Lumma family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
1Subvert Trust Controls
1Install Root Certificate
1Virtualization/Sandbox Evasion
2