General
-
Target
f2192a397429bd4c7e5c13b3832627265eda3774239ca19f66be38911c6612ca.exe
-
Size
1.8MB
-
Sample
241127-dqqhzstqhw
-
MD5
d3898add2004689239baf9b29bad208c
-
SHA1
1ef5c797efed6085774c5feaf73578e940d5d5a4
-
SHA256
f2192a397429bd4c7e5c13b3832627265eda3774239ca19f66be38911c6612ca
-
SHA512
1c4ee0e00dcfe7a070efc1e687af2b436e019447dd4252d8c0cd2de2448baf9506995af74798f6ff52c44838ff5052a1d83567ce4f3fd07c7659b683aad1f76c
-
SSDEEP
49152:EqX1tQdWq3HAReAYAorW086V+pLoemaJ60VVNitH0k3l:3Jq3HAReJWp6V+z60Bal
Malware Config
Extracted
lumma
https://powerful-avoids.sbs
https://motion-treesz.sbs
https://disobey-curly.sbs
https://leg-sate-boat.sbs
https://story-tense-faz.sbs
https://blade-govern.sbs
https://occupy-blushi.sbs
https://frogs-severz.sbs
https://property-imper.sbs
Extracted
lumma
https://blade-govern.sbs/api
https://story-tense-faz.sbs/api
Targets
-
-
Target
f2192a397429bd4c7e5c13b3832627265eda3774239ca19f66be38911c6612ca.exe
-
Size
1.8MB
-
MD5
d3898add2004689239baf9b29bad208c
-
SHA1
1ef5c797efed6085774c5feaf73578e940d5d5a4
-
SHA256
f2192a397429bd4c7e5c13b3832627265eda3774239ca19f66be38911c6612ca
-
SHA512
1c4ee0e00dcfe7a070efc1e687af2b436e019447dd4252d8c0cd2de2448baf9506995af74798f6ff52c44838ff5052a1d83567ce4f3fd07c7659b683aad1f76c
-
SSDEEP
49152:EqX1tQdWq3HAReAYAorW086V+pLoemaJ60VVNitH0k3l:3Jq3HAReJWp6V+z60Bal
Score10/10-
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
-
Lumma family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-