lumma | eba0aa6825c4b419e93c2afd5b830f7f2f93dd9e0b78ca3da20b7516a892cadc | Triage

Sharing

General

Target

eba0aa6825c4b419e93c2afd5b830f7f2f93dd9e0b78ca3da20b7516a892cadc.exe
Size

1.8MB
Sample

241231-xqcfxawqhr
MD5

d515cfa28f64d47d014a9c796b6fb03e
SHA1

0e4d5f44f6a5a78b34d2503db304ea9c8b28d575
SHA256

eba0aa6825c4b419e93c2afd5b830f7f2f93dd9e0b78ca3da20b7516a892cadc
SHA512

af0d018818c535ad48a6d67ea61e3e894002552594087e35c8a5c9ce515ca283d79dd0af26703992dd83897983b5704f419f3a46065d98277117d16786604664
SSDEEP

49152:bl3Z4CRoKSo+7uj2RJ7VVNk1cktO3nTVoZFop:R3ZxRdSn7N5v6iktO3TVoIp

Score

10^/10

lumma discovery evasion stealer

Malware Config

Extracted

Family

lumma

C2

https://hummskitnj.buzz/api

https://cashfuzysao.buzz/api

https://appliacnesot.buzz/api

https://screwamusresz.buzz/api

https://inherineau.buzz/api

https://scentniej.buzz/api

https://rebuildeso.buzz/api

https://prisonyfork.buzz/api

https://mindhandru.buzz/api

Targets

- Target
  
  eba0aa6825c4b419e93c2afd5b830f7f2f93dd9e0b78ca3da20b7516a892cadc.exe
- Size
  
  1.8MB
- MD5
  
  d515cfa28f64d47d014a9c796b6fb03e
- SHA1
  
  0e4d5f44f6a5a78b34d2503db304ea9c8b28d575
- SHA256
  
  eba0aa6825c4b419e93c2afd5b830f7f2f93dd9e0b78ca3da20b7516a892cadc
- SHA512
  
  af0d018818c535ad48a6d67ea61e3e894002552594087e35c8a5c9ce515ca283d79dd0af26703992dd83897983b5704f419f3a46065d98277117d16786604664
- SSDEEP
  
  49152:bl3Z4CRoKSo+7uj2RJ7VVNk1cktO3nTVoZFop:R3ZxRdSn7N5v6iktO3TVoIp
Score

10^/10

lumma discovery evasion stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoveryevasionstealer

behavioral2

lummadiscoveryevasionstealer