Overview

overview

10

Static

static

3

61c8b17d2e...bc.exe

windows10-2004-x64

10

61c8b17d2e...bc.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    61c8b17d2e8d8317a67de78ee3e19c583d50fb2ecac1914638fb02c3439db4bc.zip

  • Size

    1.7MB

  • Sample

    241126-wqr1xsyphk

  • MD5

    7ade8a04925dbd07fe68b6259642a95e

  • SHA1

    3638e70afab8a8412a4ce3b0035f3642896c7eb0

  • SHA256

    70cddb766aaaa5bbedba4c2d5190b4fbd1631feae67b76d34e12349d2eb87ce6

  • SHA512

    daff7a0818cd70216fa2713d9db1929203e126e7a7061b82e13aaf2db1e65c76cc7915af23487cdbe018446e889a5059235562a685aa73a2fe9f53ff678d6e9a

  • SSDEEP

    49152:8jSp85QFRNWX94LbfgGdyke7bdIEIp0o4CHuTECUU+mGof:IV5Q2GLbgIyn2EIp0bCHuTECUU+If

Score
10/10
lummadiscoveryevasionstealer

Malware Config

Extracted

Family

lumma

C2

https://p3ar11fter.sbs

https://3xp3cts1aim.sbs

https://owner-vacat10n.sbs

https://peepburry828.sbs

https://p10tgrace.sbs

https://befall-sm0ker.sbs

https://librari-night.sbs

https://processhol.sbs

https://cook-rain.sbs

Extracted

Family

lumma

C2

https://cook-rain.sbs/api

Targets

    • Target

      61c8b17d2e8d8317a67de78ee3e19c583d50fb2ecac1914638fb02c3439db4bc.exe

    • Size

      1.8MB

    • MD5

      6d02dfe090a1e4d84bdfa569ebe81d9c

    • SHA1

      cae4963adf527d1ded42e49d3b47d20a9f79ed88

    • SHA256

      61c8b17d2e8d8317a67de78ee3e19c583d50fb2ecac1914638fb02c3439db4bc

    • SHA512

      fadc5b2a169b17305c0110baadb2a8465d89bed99f5267bd0b4d2f978076fa058230327212f1b6364f967348ecaf520d65f87e5819146055c003550aa5ee4f1b

    • SSDEEP

      49152:g0fj7cubxQeTYtOJoIoqtZS0blvr1NgYbkhg9j2:frTbxQest0oqpx/gY5Z

    Score
    10/10
    lummadiscoveryevasionstealer

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

      stealerlumma

    • Lumma family

      lumma

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks