Overview

overview

10

Static

static

3

7e1e613a6f...d5.exe

windows7-x64

10

7e1e613a6f...d5.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7e1e613a6fa1a4b4e191163169d91f241a026a3db776f9eca1f082e4894b88d5.exe

  • Size

    1.8MB

  • Sample

    241128-dg8m7sylan

  • MD5

    454cdef6025e80e4f5b304c9849a095b

  • SHA1

    c7b10c687ef023d6a740f5ba75f8483406acd022

  • SHA256

    7e1e613a6fa1a4b4e191163169d91f241a026a3db776f9eca1f082e4894b88d5

  • SHA512

    be9ba1c62c5ce07ab8da18f0c2147e5a651588b5f4a72517d783c776a5e5fda78454b9ce33835a567f35f755989a82b7fa4784053eb1c6e3f118f276a6b75c73

  • SSDEEP

    49152:CkO3vHBvZPdQ4371Rr6nhHf1189KD4NDZ4PwTR:S3VZV337jWhHfA5tT

Score
10/10
lummadiscoveryevasionstealer

Malware Config

Extracted

Family

lumma

C2

https://preside-comforter.sbs

https://savvy-steereo.sbs

https://copper-replace.sbs

https://record-envyp.sbs

https://slam-whipp.sbs

https://wrench-creter.sbs

https://looky-marked.sbs

https://plastic-mitten.sbs

https://hallowed-noisy.sbs

Extracted

Family

lumma

C2

https://hallowed-noisy.sbs/api

https://plastic-mitten.sbs/api

https://looky-marked.sbs/api

https://wrench-creter.sbs/api

https://slam-whipp.sbs/api

https://record-envyp.sbs/api

https://copper-replace.sbs/api

https://savvy-steereo.sbs/api

https://preside-comforter.sbs/api

Targets

    • Target

      7e1e613a6fa1a4b4e191163169d91f241a026a3db776f9eca1f082e4894b88d5.exe

    • Size

      1.8MB

    • MD5

      454cdef6025e80e4f5b304c9849a095b

    • SHA1

      c7b10c687ef023d6a740f5ba75f8483406acd022

    • SHA256

      7e1e613a6fa1a4b4e191163169d91f241a026a3db776f9eca1f082e4894b88d5

    • SHA512

      be9ba1c62c5ce07ab8da18f0c2147e5a651588b5f4a72517d783c776a5e5fda78454b9ce33835a567f35f755989a82b7fa4784053eb1c6e3f118f276a6b75c73

    • SSDEEP

      49152:CkO3vHBvZPdQ4371Rr6nhHf1189KD4NDZ4PwTR:S3VZV337jWhHfA5tT

    Score
    10/10
    lummadiscoveryevasionstealer

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

      stealerlumma

    • Lumma family

      lumma

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks