General
-
Target
file.exe
-
Size
1.8MB
-
Sample
241127-eegmdavrcz
-
MD5
c6452e791c4c6e165667524e2f4e90a5
-
SHA1
74a701fa01137b87633bbb24ddb32df43bcc2904
-
SHA256
ff87b730afa9ff3aa46a78ab81a7afa1489fe86527cbe741309c6e5ecaf76449
-
SHA512
2bcc5eded72d7e8c77fd02cc115f053467848e3252876dabf9addffcf3e89fc4c3fea6b909a77cabdb57a70f0cfe06d5cbe325aa3955a332f06ef9d92ef5149e
-
SSDEEP
49152:RxDlz+apbPodXdzqUd+n7hXt5IuzqGQNgdq:HVbpDoTmXtTq7g
Malware Config
Extracted
lumma
https://powerful-avoids.sbs
https://motion-treesz.sbs
https://disobey-curly.sbs
https://leg-sate-boat.sbs
https://story-tense-faz.sbs
https://blade-govern.sbs
https://occupy-blushi.sbs
https://frogs-severz.sbs
https://property-imper.sbs
Extracted
lumma
https://story-tense-faz.sbs/api
https://blade-govern.sbs/api
Targets
-
-
Target
file.exe
-
Size
1.8MB
-
MD5
c6452e791c4c6e165667524e2f4e90a5
-
SHA1
74a701fa01137b87633bbb24ddb32df43bcc2904
-
SHA256
ff87b730afa9ff3aa46a78ab81a7afa1489fe86527cbe741309c6e5ecaf76449
-
SHA512
2bcc5eded72d7e8c77fd02cc115f053467848e3252876dabf9addffcf3e89fc4c3fea6b909a77cabdb57a70f0cfe06d5cbe325aa3955a332f06ef9d92ef5149e
-
SSDEEP
49152:RxDlz+apbPodXdzqUd+n7hXt5IuzqGQNgdq:HVbpDoTmXtTq7g
Score10/10-
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
-
Lumma family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-