Extracted

• • Target

    Screenshot 2024-11-13 7.48.42 AM.png

  • Size

    1KB

  • MD5

    80271854ba89bd5fecccac014ec00f4c

  • SHA1

    dc1b2c0f503132803235315f9bdc6b7bc85e3bab

  • SHA256

    99a5938fc480970658f6a7823d41da49a0bce42862d54de92d6003b16791e611

  • SHA512

    507a46759c2d8b045dbc09d1a511f7eea8384131a3e244fb5a76893eacb48344a0e3e9bb0dd5b3227d815b3485345bac7f0099100b0202a611985dd1ab081e36

  Score

  10^/10

  lummadiscoveryevasionphishingspywarestealertrojan

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma

  • Lumma family

    lumma

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Downloads MZ/PE file

  • A potential corporate email address has been identified in the URL: [email protected]

    phishing

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Blocklisted process makes network request

  • Checks whether UAC is enabled

    evasiontrojan

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Enumerates processes with tasklist

    discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1