General
-
Target
5e08e125179811978b6e39e8c84eeb3c2031170187259c9131ec33f89d5cc72e.exe
-
Size
1.8MB
-
Sample
241128-c9vflsxqgm
-
MD5
eea4830bea1798751d472efc6d30548d
-
SHA1
e5bdff33ebbb6c06e9b1732f49171f0515310c7b
-
SHA256
5e08e125179811978b6e39e8c84eeb3c2031170187259c9131ec33f89d5cc72e
-
SHA512
012cfa6456991490a37fdd1a130e34819056abc80750190fde4edc4cfd3e4969b5ec77a051729c72eab4b900f56fbe6669fd797157860a9a6a206f6ed8551106
-
SSDEEP
49152:5wsRA2YKQuOmHXBnxo2Qa2BQl79PqSScLb:FGZulWO227Ie
Malware Config
Extracted
lumma
https://powerful-avoids.sbs
https://motion-treesz.sbs
https://disobey-curly.sbs
https://leg-sate-boat.sbs
https://story-tense-faz.sbs
https://blade-govern.sbs
https://occupy-blushi.sbs
https://frogs-severz.sbs
https://property-imper.sbs
Targets
-
-
Target
5e08e125179811978b6e39e8c84eeb3c2031170187259c9131ec33f89d5cc72e.exe
-
Size
1.8MB
-
MD5
eea4830bea1798751d472efc6d30548d
-
SHA1
e5bdff33ebbb6c06e9b1732f49171f0515310c7b
-
SHA256
5e08e125179811978b6e39e8c84eeb3c2031170187259c9131ec33f89d5cc72e
-
SHA512
012cfa6456991490a37fdd1a130e34819056abc80750190fde4edc4cfd3e4969b5ec77a051729c72eab4b900f56fbe6669fd797157860a9a6a206f6ed8551106
-
SSDEEP
49152:5wsRA2YKQuOmHXBnxo2Qa2BQl79PqSScLb:FGZulWO227Ie
Score10/10-
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
-
Lumma family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
1Subvert Trust Controls
1Install Root Certificate
1Virtualization/Sandbox Evasion
2