General
Target: file.exe
Size: 1.8MB
Sample: 241128-e4tm8s1qfl
MD5: ce43ce23bf4d7d8900e1d2c977a21485
SHA1: abfb344c9e741d65422f860b6a264427edae49c4
SHA256: 6d880676ae7d6879ae8a558d891980c4ea1ff1f35fe389e611939a89b3ed5763
SHA512: a1ace2a775c4c3928bb6db2f1355f700ef87394704ad4c94c130dc12642473063a56343a5417315276df3ca0ab013b5a4862a01cc5fe749d92365a75da639958
SSDEEP: 49152:ce7QaMRa7Y/wi1VrRiOunmcBKHwNDqXe7v:ubssIi1VtXunrEu7
Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20240903-en
Malware Config
Extracted: lumma
Targets
- Lumma family
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger