General
-
Target
66fe3bef55fac776f9d73e3231b52482d93399b0f2d0f78df18232cbe42740b3.exe
-
Size
1.8MB
-
Sample
241128-db99vaxrgk
-
MD5
4df32bf57cee1f78a032410c1e9efcdf
-
SHA1
19a3b33484904a65fbe85fab2a773fab7b7e2929
-
SHA256
66fe3bef55fac776f9d73e3231b52482d93399b0f2d0f78df18232cbe42740b3
-
SHA512
f0a828f78584be34f6f3bae801416697488861cf48f062f6d23beb663d6054e6fa16034671892747b6a9355af1af02e40d7009cee823ed0bdbb776e6a7510e07
-
SSDEEP
49152:PwWOUlJitEtZnGs8cuYpjLJhWyUUtGZLd/sfaOJ:ofUlJitEtFZ8AJhx/kvsfvJ
Malware Config
Extracted
lumma
https://powerful-avoids.sbs
https://motion-treesz.sbs
https://disobey-curly.sbs
https://leg-sate-boat.sbs
https://story-tense-faz.sbs
https://blade-govern.sbs
https://occupy-blushi.sbs
https://frogs-severz.sbs
https://property-imper.sbs
Targets
-
-
Target
66fe3bef55fac776f9d73e3231b52482d93399b0f2d0f78df18232cbe42740b3.exe
-
Size
1.8MB
-
MD5
4df32bf57cee1f78a032410c1e9efcdf
-
SHA1
19a3b33484904a65fbe85fab2a773fab7b7e2929
-
SHA256
66fe3bef55fac776f9d73e3231b52482d93399b0f2d0f78df18232cbe42740b3
-
SHA512
f0a828f78584be34f6f3bae801416697488861cf48f062f6d23beb663d6054e6fa16034671892747b6a9355af1af02e40d7009cee823ed0bdbb776e6a7510e07
-
SSDEEP
49152:PwWOUlJitEtZnGs8cuYpjLJhWyUUtGZLd/sfaOJ:ofUlJitEtFZ8AJhx/kvsfvJ
Score10/10-
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
-
Lumma family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
1Subvert Trust Controls
1Install Root Certificate
1Virtualization/Sandbox Evasion
2