General
Target: 31e331808f3cbeb5acae638d4ffb141ae1b38ca4bb24c5e8f072069b72908cf6.exe
Size: 1.7MB
Sample: 241127-etsyyswpgs
MD5: 5a369d503e95364e584d72fecc5df5e2
SHA1: 701d73923cfac0114d680dba1223ee070dc4e34d
SHA256: 31e331808f3cbeb5acae638d4ffb141ae1b38ca4bb24c5e8f072069b72908cf6
SHA512: 514c5694c2286c53bf8ccd762d532bea0e782d305ed078f7582863c3a55e444f152010528624ceb6c4d0925b1308f975e01c1cbf84eae4798e18798274364f31
SSDEEP: 49152:TeRabIFImRre+3gYyJqS+yV1TfvweMxorc2ZRm8zC:aabSFreesdV1s1xS+
Static task: static1
Behavioral task: behavioral1
Sample: 31e331808f3cbeb5acae638d4ffb141ae1b38ca4bb24c5e8f072069b72908cf6.exe
Resource: win7-20241010-en
Malware Config
Extracted family: lumma
C2 hosts:
- https://p3ar11fter.sbs
- https://3xp3cts1aim.sbs
- https://owner-vacat10n.sbs
- https://peepburry828.sbs
- https://p10tgrace.sbs
- https://befall-sm0ker.sbs
- https://librari-night.sbs
- https://processhol.sbs
- https://cook-rain.sbs
Extracted family: lumma
C2 endpoint:
- https://cook-rain.sbs/api
Targets
Target: 31e331808f3cbeb5acae638d4ffb141ae1b38ca4bb24c5e8f072069b72908cf6.exe
Size: 1.7MB
MD5: 5a369d503e95364e584d72fecc5df5e2
SHA1: 701d73923cfac0114d680dba1223ee070dc4e34d
SHA256: 31e331808f3cbeb5acae638d4ffb141ae1b38ca4bb24c5e8f072069b72908cf6
SHA512: 514c5694c2286c53bf8ccd762d532bea0e782d305ed078f7582863c3a55e444f152010528624ceb6c4d0925b1308f975e01c1cbf84eae4798e18798274364f31
SSDEEP: 49152:TeRabIFImRre+3gYyJqS+yV1TfvweMxorc2ZRm8zC:aabSFreesdV1s1xS+
Signatures:
- Lumma family
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger