General
-
Target
file.exe
-
Size
1.8MB
-
Sample
241128-bthw7syqfv
-
MD5
eb8ae01987f8f5ee705913dbd3270caf
-
SHA1
60b78c860e5b1ebe9382764128300dc325cfeb55
-
SHA256
7b28d2814e50ae464cd45aec39b1ab6d770c710d092336e0de061d5f4b074a89
-
SHA512
866033e202ffbe7ba625fc4d0ed74c2d29e246fabb7a729b8242c3314c6a36c597d550a92698378126aedc66e35262716f8023bc72ed0d07714098fe89044e1c
-
SSDEEP
49152:fuSu9PNeqlspGsXLgxXgfrA/cJ64NCM/:Bu9PNZ8G+ExQDAqxJ
Malware Config
Extracted
lumma
https://preside-comforter.sbs
https://savvy-steereo.sbs
https://copper-replace.sbs
https://record-envyp.sbs
https://slam-whipp.sbs
https://wrench-creter.sbs
https://looky-marked.sbs
https://plastic-mitten.sbs
https://hallowed-noisy.sbs
Extracted
lumma
https://hallowed-noisy.sbs/api
https://plastic-mitten.sbs/api
https://looky-marked.sbs/api
https://wrench-creter.sbs/api
https://slam-whipp.sbs/api
https://record-envyp.sbs/api
https://copper-replace.sbs/api
https://savvy-steereo.sbs/api
https://preside-comforter.sbs/api
Targets
-
-
Target
file.exe
-
Size
1.8MB
-
MD5
eb8ae01987f8f5ee705913dbd3270caf
-
SHA1
60b78c860e5b1ebe9382764128300dc325cfeb55
-
SHA256
7b28d2814e50ae464cd45aec39b1ab6d770c710d092336e0de061d5f4b074a89
-
SHA512
866033e202ffbe7ba625fc4d0ed74c2d29e246fabb7a729b8242c3314c6a36c597d550a92698378126aedc66e35262716f8023bc72ed0d07714098fe89044e1c
-
SSDEEP
49152:fuSu9PNeqlspGsXLgxXgfrA/cJ64NCM/:Bu9PNZ8G+ExQDAqxJ
Score10/10-
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
-
Lumma family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-