General
Target: 4c6b7ba6a2226ad15703f8917cab4cf1776e51da384d5a6f494bb15eb3c15590.exe
Size: 1.7MB
Sample: 241128-c6bjbsxper
MD5: 37d5067ba53567df1d9d4d8394d446c6
SHA1: 84ec28d7f143f14ca665cf83c87f5cfc2a419f1a
SHA256: 4c6b7ba6a2226ad15703f8917cab4cf1776e51da384d5a6f494bb15eb3c15590
SHA512: b33ecd6181bd8f0f4ed9cfad704b2ca24a0b454cda253735ce19155767ddc49251af1266ae90d5f0b0e9e23c607d0a12a08d8d2206cfd2ec043f33ed97407118
SSDEEP: 49152:v6jm5dDkJhSqXGDQS5GZ05lEt6uXsvP0rpz:NvGhKDQ705lEFXsvcp
Static task: static1
Behavioral task: behavioral1
Sample: 4c6b7ba6a2226ad15703f8917cab4cf1776e51da384d5a6f494bb15eb3c15590.exe
Resource (analysis VM image): win7-20241023-en
Malware Config
Extracted
Family: lumma
C2 URLs:
- https://powerful-avoids.sbs
- https://motion-treesz.sbs
- https://disobey-curly.sbs
- https://leg-sate-boat.sbs
- https://story-tense-faz.sbs
- https://blade-govern.sbs
- https://occupy-blushi.sbs
- https://frogs-severz.sbs
- https://property-imper.sbs
Targets
Target: 4c6b7ba6a2226ad15703f8917cab4cf1776e51da384d5a6f494bb15eb3c15590.exe (size and hashes identical to the General section above)
Signatures:
- Lumma family
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
VirtualBox exposes ACPI tables whose OEM ID is "VBOX__", which Windows mirrors under HKLM\HARDWARE\ACPI (for example HKLM\HARDWARE\ACPI\DSDT\VBOX__). Reading these keys is a common hypervisor check; the sample probably bails out or changes behaviour when it finds them.
- Checks BIOS information in registry
BIOS strings such as HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion and VideoBiosVersion are often read to detect sandboxing environments, since on a virtual machine they typically name the hypervisor vendor.
- Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, and it is used as a sandboxing environment by some analysis systems. The key HKCU\Software\Wine exists only under Wine, so its presence is a cheap sandbox indicator.
- Suspicious use of NtSetInformationThreadHideFromDebugger
NtSetInformationThread called with the ThreadHideFromDebugger class (0x11) stops the calling thread from delivering debug events to an attached debugger; the setting cannot be reverted for that thread. Legitimate software rarely needs it, so it is a strong anti-debugging indicator.
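The three registry checks and the debugger-hiding call above are easy to recognise in an API trace once the paths and information class are known. The following is an added example written for this report, not Triage's code or its trace format: it classifies a constructed list of trace events (dicts with "api" plus either "path" or "info_class", an assumed shape) against the registry keys and the ThreadHideFromDebugger class the signatures describe, and counts how often each evasion indicator fires.

```python
"""Flag sandbox/VM and debugger-evasion indicators in an API trace.

Added example for this report; it is not Triage's code or output format.
Events are dicts with 'api', and either 'path' (registry key) or
'info_class' (NtSetInformationThread class); this shape is a constructed
stand-in for a real sandbox trace. The registry keys are the ones the
report's VirtualBox, BIOS and Wine signatures describe.
"""
import re

# Registry keys commonly read by anti-VM / anti-sandbox code.
REGISTRY_SIGNATURES = [
    # VirtualBox publishes ACPI tables whose OEM ID is "VBOX__".
    ("virtualbox_acpi",
     re.compile(r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)),
    # BIOS strings exposing the hypervisor vendor (VBOX, VMware, QEMU, ...).
    ("bios_info",
     re.compile(r"^HKLM\\HARDWARE\\DESCRIPTION\\System\\"
                r"(SystemBiosVersion|VideoBiosVersion|SystemBiosDate)$", re.I)),
    # Only present when running under Wine.
    ("wine_present",
     re.compile(r"^HKCU\\Software\\Wine(\\|$)", re.I)),
]

REGISTRY_APIS = {"regopenkeyexa", "regopenkeyexw", "regqueryvalueexa",
                 "regqueryvalueexw", "ntopenkey", "ntqueryvaluekey"}

# THREADINFOCLASS value for ThreadHideFromDebugger.
THREAD_HIDE_FROM_DEBUGGER = 0x11


def classify_event(event):
    """Return the indicator names a single trace event matches."""
    hits = []
    api = event.get("api", "").lower()
    if api in REGISTRY_APIS:
        path = event.get("path", "")
        for name, pattern in REGISTRY_SIGNATURES:
            if pattern.search(path):
                hits.append(name)
    elif api == "ntsetinformationthread":
        # Other classes (priority, affinity, ...) are routine; only 0x11
        # hides the calling thread from an attached debugger.
        if event.get("info_class") == THREAD_HIDE_FROM_DEBUGGER:
            hits.append("hide_from_debugger")
    return hits


def summarize(events):
    """Count how often each evasion indicator fires across a whole trace."""
    counts = {}
    for event in events:
        for hit in classify_event(event):
            counts[hit] = counts.get(hit, 0) + 1
    return counts


# Constructed trace shaped after the behaviours this report lists; it is
# not real output from the sample.
SAMPLE_TRACE = [
    {"api": "RegOpenKeyExW", "path": r"HKLM\HARDWARE\ACPI\DSDT\VBOX__"},
    {"api": "RegQueryValueExW",
     "path": r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion"},
    {"api": "RegQueryValueExW",
     "path": r"HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion"},
    {"api": "RegOpenKeyExW", "path": r"HKCU\Software\Wine"},
    {"api": "NtSetInformationThread", "info_class": 0x11},
    {"api": "NtSetInformationThread", "info_class": 0x02},  # ThreadPriority
    {"api": "RegOpenKeyExW",
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"},
]

if __name__ == "__main__":
    for event in SAMPLE_TRACE:
        print(event["api"], classify_event(event))
    print(summarize(SAMPLE_TRACE))
```

Matching on the full key path rather than on substrings like "VBOX" keeps benign reads of unrelated keys (the Run key in the constructed trace) from firing, and the NtSetInformationThread branch deliberately ignores every class except 0x11, since priority and affinity changes through the same call are routine.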
MITRE ATT&CK Enterprise v15
Defense Evasion
- Modify Registry (T1112): 1
- Subvert Trust Controls (T1553): 1
- Install Root Certificate (T1553.004): 1
- Virtualization/Sandbox Evasion (T1497): 2