General
- Target: 7a58ea79e18acffa09370717fbcffe0b3aeb344f4037bd38feb45f5c0671f32d.exe
- Size: 1.8MB
- Sample: 241128-dfxvbaykcq
- MD5: 9b77922b04d6fd67f521d9ee14348a61
- SHA1: a653c93dc24b5967c6a7936d6af82ed3994e13e8
- SHA256: 7a58ea79e18acffa09370717fbcffe0b3aeb344f4037bd38feb45f5c0671f32d
- SHA512: bfb066880b229fa13095b5df5a290698e967e8569a51c8fb5ed8ad16f862091c5d6b7fd28b3ce90692ce2024536b29e6ef80f09098a3f8df4500747bf08fc2ea
- SSDEEP: 49152:fHCFh/B7xPk7Gpzgi7NR7rC/mfik/XrOf9B3KI9/hzqqG6:fHSB7lxzVCWlXrYac
Static task: static1
Behavioral task: behavioral1
- Sample: 7a58ea79e18acffa09370717fbcffe0b3aeb344f4037bd38feb45f5c0671f32d.exe
- Resource: win7-20240903-en
Malware Config
Extracted: lumma
Targets
- Target: 7a58ea79e18acffa09370717fbcffe0b3aeb344f4037bd38feb45f5c0671f32d.exe
- Lumma family
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger