General
-
Target
3fd3fd24c4062b35ebab8f893be3c41be54d687dda4236c8f17121dc85a426dcN.exe
-
Size
1.8MB
-
Sample
241230-yg969awjer
-
MD5
d1f6c2083d94c10bf23c7364e0553d90
-
SHA1
73c77c7c0a0e07970cfea13a3032fd214836849c
-
SHA256
3fd3fd24c4062b35ebab8f893be3c41be54d687dda4236c8f17121dc85a426dc
-
SHA512
8d2fc6d97a487ade3d335fcb17d04db3b4850a6f72a09a9dae15522705b1f7e633c86a1820ee8fb67278d9fe7f8d442e5bc28755a69160fb8a6337cc2d4c11fc
-
SSDEEP
49152:jkX0ECGPXmvFaJaNWKCSK75kVmeTUzQAfBcQB29:jM1PGooNx2UvTUzQqi9
Malware Config
Extracted
lumma
https://hummskitnj.buzz/api
https://cashfuzysao.buzz/api
https://appliacnesot.buzz/api
https://screwamusresz.buzz/api
https://inherineau.buzz/api
https://scentniej.buzz/api
https://rebuildeso.buzz/api
https://prisonyfork.buzz/api
https://mindhandru.buzz/api
Targets
-
-
Target
3fd3fd24c4062b35ebab8f893be3c41be54d687dda4236c8f17121dc85a426dcN.exe
-
Size
1.8MB
-
MD5
d1f6c2083d94c10bf23c7364e0553d90
-
SHA1
73c77c7c0a0e07970cfea13a3032fd214836849c
-
SHA256
3fd3fd24c4062b35ebab8f893be3c41be54d687dda4236c8f17121dc85a426dc
-
SHA512
8d2fc6d97a487ade3d335fcb17d04db3b4850a6f72a09a9dae15522705b1f7e633c86a1820ee8fb67278d9fe7f8d442e5bc28755a69160fb8a6337cc2d4c11fc
-
SSDEEP
49152:jkX0ECGPXmvFaJaNWKCSK75kVmeTUzQAfBcQB29:jM1PGooNx2UvTUzQqi9
Score10/10-
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
-
Lumma family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
1Subvert Trust Controls
1Install Root Certificate
1Virtualization/Sandbox Evasion
2