General
-
Target
file.exe
-
Size
1.8MB
-
Sample
241127-dhbd4atme1
-
MD5
1f5a8b5e3e778cdb27538dd4736ac214
-
SHA1
d580d538ee8e82787078026b5fe2d8af50850725
-
SHA256
5617fe4901f592e029277c374cb5007a0a3d2f8a59e78e9e2d3e29f0bc6744a1
-
SHA512
0e2f6a9cb10b76ec74c2024013da1774d6a721ac9d5f94c6a262206cbd0ddc3faf9d69f6b3dfa973d58808a9aa92c699ae81291930757904138027ba5261fb4d
-
SSDEEP
49152:r5JPQSGT9HJvHU/waDBcyhR/VKFLuLAwmAsKHnbHh:r5JIN4wKLYKl
Malware Config
Extracted
lumma
https://powerful-avoids.sbs
https://motion-treesz.sbs
https://disobey-curly.sbs
https://leg-sate-boat.sbs
https://story-tense-faz.sbs
https://blade-govern.sbs
https://occupy-blushi.sbs
https://frogs-severz.sbs
https://property-imper.sbs
Extracted
lumma
https://blade-govern.sbs/api
https://story-tense-faz.sbs/api
Targets
-
-
Target
file.exe
-
Size
1.8MB
-
MD5
1f5a8b5e3e778cdb27538dd4736ac214
-
SHA1
d580d538ee8e82787078026b5fe2d8af50850725
-
SHA256
5617fe4901f592e029277c374cb5007a0a3d2f8a59e78e9e2d3e29f0bc6744a1
-
SHA512
0e2f6a9cb10b76ec74c2024013da1774d6a721ac9d5f94c6a262206cbd0ddc3faf9d69f6b3dfa973d58808a9aa92c699ae81291930757904138027ba5261fb4d
-
SSDEEP
49152:r5JPQSGT9HJvHU/waDBcyhR/VKFLuLAwmAsKHnbHh:r5JIN4wKLYKl
Score10/10-
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
-
Lumma family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-