lumma | bd4a8320ac5a737f5975ba96c4c45e7daff9c5dd2ed1ea6c89732c9129bd90c6 | Triage

Sharing

General

Target

file.exe
Size

1.8MB
Sample

241128-hhylvaypfv
MD5

9f8a64720df0a69d1ea799cab2738d8e
SHA1

7e8af518b91d5e4a0065a42a1404c2b2636e9e00
SHA256

bd4a8320ac5a737f5975ba96c4c45e7daff9c5dd2ed1ea6c89732c9129bd90c6
SHA512

79e725feabfa554c9e92f555a8e4aa030d9e99444daa44145916e1ea241d9a0e048cbf39dd0ef5de2dc773218c57debad771173e35e1c4ccff33df025a777292
SSDEEP

24576:9aM1xpJExQcK/YXo6lsKeFvDXTuF5Z1e3RxlcEoypGyPef7HFLG/vySTRuYzRaOk:fqu0o2eFv3uF5yBnWcGwerFL65/lWc/

Score

10^/10

lumma discovery evasion stealer

Malware Config

Extracted

Family

lumma

C2

https://preside-comforter.sbs

https://savvy-steereo.sbs

https://copper-replace.sbs

https://record-envyp.sbs

https://slam-whipp.sbs

https://wrench-creter.sbs

https://looky-marked.sbs

https://plastic-mitten.sbs

https://hallowed-noisy.sbs

Targets

- Target
  
  file.exe
- Size
  
  1.8MB
- MD5
  
  9f8a64720df0a69d1ea799cab2738d8e
- SHA1
  
  7e8af518b91d5e4a0065a42a1404c2b2636e9e00
- SHA256
  
  bd4a8320ac5a737f5975ba96c4c45e7daff9c5dd2ed1ea6c89732c9129bd90c6
- SHA512
  
  79e725feabfa554c9e92f555a8e4aa030d9e99444daa44145916e1ea241d9a0e048cbf39dd0ef5de2dc773218c57debad771173e35e1c4ccff33df025a777292
- SSDEEP
  
  24576:9aM1xpJExQcK/YXo6lsKeFvDXTuF5Z1e3RxlcEoypGyPef7HFLG/vySTRuYzRaOk:fqu0o2eFv3uF5yBnWcGwerFL65/lWc/
Score

10^/10

lumma discovery evasion stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoveryevasionstealer

behavioral2

lummadiscoveryevasionstealer