General

  • Target

    0a176414492da39e5927f9cd937a8fbbdae92201aa27f3a46e1402b4e3525edb

  • Size

    2.8MB

  • Sample

    241121-zz4ymaslgk

  • MD5

    e698918d7efbab1f43d5285a6180d9e6

  • SHA1

    a36bdce51a0ba9900a3efbb48a1b95e94f9a715e

  • SHA256

    0a176414492da39e5927f9cd937a8fbbdae92201aa27f3a46e1402b4e3525edb

  • SHA512

    486f4cd2e661b5a211c45f24ac1ace50590e2dcae264671d56d2e25e05665fbd6fc09598c05e64fc7799dfc30c6e8fb643f87eb504b2f242a0b3ae0be736a630

  • SSDEEP

    49152:ZiFcIzbTJltcAofaRMPcdHEJjQCb+uWGDIUIJTEMzXvy:ZieIzbVltcAKaRMEdkJQCb3IUIJT/

Malware Config

Extracted

Family

lumma

C2

https://scriptyprefej.store

https://navygenerayk.store

https://founpiuer.store

https://necklacedmny.store

https://thumbystriw.store

https://fadehairucw.store

https://crisiwarny.store

https://presticitpo.store

Targets

    • Target

      0a176414492da39e5927f9cd937a8fbbdae92201aa27f3a46e1402b4e3525edb

    • Size

      2.8MB

    • MD5

      e698918d7efbab1f43d5285a6180d9e6

    • SHA1

      a36bdce51a0ba9900a3efbb48a1b95e94f9a715e

    • SHA256

      0a176414492da39e5927f9cd937a8fbbdae92201aa27f3a46e1402b4e3525edb

    • SHA512

      486f4cd2e661b5a211c45f24ac1ace50590e2dcae264671d56d2e25e05665fbd6fc09598c05e64fc7799dfc30c6e8fb643f87eb504b2f242a0b3ae0be736a630

    • SSDEEP

      49152:ZiFcIzbTJltcAofaRMPcdHEJjQCb+uWGDIUIJTEMzXvy:ZieIzbVltcAKaRMEdkJQCb3IUIJT/

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Lumma family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks