General
-
Target
91126811484fcbbc5b56d9e90b7663fa70439eb194a767ab66da76d22d976233.exe
-
Size
1.8MB
-
Sample
241127-c9jzwasrcw
-
MD5
c38e8b23e6d883cb93ae7a667e156593
-
SHA1
be7454d7110cbcb6281396a912878eec8a3e4cad
-
SHA256
91126811484fcbbc5b56d9e90b7663fa70439eb194a767ab66da76d22d976233
-
SHA512
16449fd40c388bb2161b8ad3c68a6e02bdcaaedaed11cd0ec039776e2617d6ec8af8796c3904e194d58d92a203d46268d835e722a309e2d01e73925202452cd2
-
SSDEEP
24576:MjqhlZfxIPqrDtyzxo7H41BaYmXfU7JTioOwAwf3NUGey0bsLUzbrEQlk/eTXMSK:MjElXayDoz/5yfrghNlepscrlk4JBv
Malware Config
Extracted
lumma
https://powerful-avoids.sbs
https://motion-treesz.sbs
https://disobey-curly.sbs
https://leg-sate-boat.sbs
https://story-tense-faz.sbs
https://blade-govern.sbs
https://occupy-blushi.sbs
https://frogs-severz.sbs
https://property-imper.sbs
Extracted
lumma
https://blade-govern.sbs/api
https://story-tense-faz.sbs/api
Targets
-
-
Target
91126811484fcbbc5b56d9e90b7663fa70439eb194a767ab66da76d22d976233.exe
-
Size
1.8MB
-
MD5
c38e8b23e6d883cb93ae7a667e156593
-
SHA1
be7454d7110cbcb6281396a912878eec8a3e4cad
-
SHA256
91126811484fcbbc5b56d9e90b7663fa70439eb194a767ab66da76d22d976233
-
SHA512
16449fd40c388bb2161b8ad3c68a6e02bdcaaedaed11cd0ec039776e2617d6ec8af8796c3904e194d58d92a203d46268d835e722a309e2d01e73925202452cd2
-
SSDEEP
24576:MjqhlZfxIPqrDtyzxo7H41BaYmXfU7JTioOwAwf3NUGey0bsLUzbrEQlk/eTXMSK:MjElXayDoz/5yfrghNlepscrlk4JBv
Score10/10-
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
-
Lumma family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-