General
-
Target
file.exe
-
Size
1.8MB
-
Sample
241128-hd2spsvndl
-
MD5
9f8a64720df0a69d1ea799cab2738d8e
-
SHA1
7e8af518b91d5e4a0065a42a1404c2b2636e9e00
-
SHA256
bd4a8320ac5a737f5975ba96c4c45e7daff9c5dd2ed1ea6c89732c9129bd90c6
-
SHA512
79e725feabfa554c9e92f555a8e4aa030d9e99444daa44145916e1ea241d9a0e048cbf39dd0ef5de2dc773218c57debad771173e35e1c4ccff33df025a777292
-
SSDEEP
24576:9aM1xpJExQcK/YXo6lsKeFvDXTuF5Z1e3RxlcEoypGyPef7HFLG/vySTRuYzRaOk:fqu0o2eFv3uF5yBnWcGwerFL65/lWc/
Malware Config
Extracted
lumma
https://preside-comforter.sbs
https://savvy-steereo.sbs
https://copper-replace.sbs
https://record-envyp.sbs
https://slam-whipp.sbs
https://wrench-creter.sbs
https://looky-marked.sbs
https://plastic-mitten.sbs
https://hallowed-noisy.sbs
Targets
-
-
Target
file.exe
-
Size
1.8MB
-
MD5
9f8a64720df0a69d1ea799cab2738d8e
-
SHA1
7e8af518b91d5e4a0065a42a1404c2b2636e9e00
-
SHA256
bd4a8320ac5a737f5975ba96c4c45e7daff9c5dd2ed1ea6c89732c9129bd90c6
-
SHA512
79e725feabfa554c9e92f555a8e4aa030d9e99444daa44145916e1ea241d9a0e048cbf39dd0ef5de2dc773218c57debad771173e35e1c4ccff33df025a777292
-
SSDEEP
24576:9aM1xpJExQcK/YXo6lsKeFvDXTuF5Z1e3RxlcEoypGyPef7HFLG/vySTRuYzRaOk:fqu0o2eFv3uF5yBnWcGwerFL65/lWc/
Score10/10-
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
-
Lumma family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
1Subvert Trust Controls
1Install Root Certificate
1Virtualization/Sandbox Evasion
2