General
-
Target
file.exe
-
Size
1.8MB
-
Sample
241128-ggvywsxpbt
-
MD5
5d5fdea746c3d9cb1cc539e3d921386a
-
SHA1
47d109712d5a501641c727887d7c26bc805a3de6
-
SHA256
9622fa3e985d189c0d9f4f50f3f1b494a7b0597cc5970bbce6ccd87a2c6e50ca
-
SHA512
726854bf1a8b84d177c9a2bd1b503afe9c1ca74ed96b0cb217ac395471c43383a71253cc580ba99d48e6bf96737c3e5fe341bf0449ba1396e496262e08a3fc35
-
SSDEEP
49152:O1kgUEFzw9Y+L62JhA05ZpkEmfocThY4oSkNUzXn:O1uEJwHdyEmjTa4Lkk
Malware Config
Extracted
lumma
https://preside-comforter.sbs
https://savvy-steereo.sbs
https://copper-replace.sbs
https://record-envyp.sbs
https://slam-whipp.sbs
https://wrench-creter.sbs
https://looky-marked.sbs
https://plastic-mitten.sbs
https://hallowed-noisy.sbs
Targets
-
-
Target
file.exe
-
Size
1.8MB
-
MD5
5d5fdea746c3d9cb1cc539e3d921386a
-
SHA1
47d109712d5a501641c727887d7c26bc805a3de6
-
SHA256
9622fa3e985d189c0d9f4f50f3f1b494a7b0597cc5970bbce6ccd87a2c6e50ca
-
SHA512
726854bf1a8b84d177c9a2bd1b503afe9c1ca74ed96b0cb217ac395471c43383a71253cc580ba99d48e6bf96737c3e5fe341bf0449ba1396e496262e08a3fc35
-
SSDEEP
49152:O1kgUEFzw9Y+L62JhA05ZpkEmfocThY4oSkNUzXn:O1uEJwHdyEmjTa4Lkk
Score10/10-
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
-
Lumma family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
1Subvert Trust Controls
1Install Root Certificate
1Virtualization/Sandbox Evasion
2