Overview

overview

10

Static

static

3

43917446f0...7N.exe

windows7-x64

10

43917446f0...7N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    43917446f022a9526e726ef8f1b80f8076118c789be40246f3b2b6f644f6e077N.exe

  • Size

    1.8MB

  • Sample

    250103-qlxsqaynfr

  • MD5

    f0b8cca9834c699f7d68a7e4596e8d70

  • SHA1

    b90fe174a6df530f8975b5ae2b3bc44e0260b013

  • SHA256

    43917446f022a9526e726ef8f1b80f8076118c789be40246f3b2b6f644f6e077

  • SHA512

    a09ecdd671ab44cbccf0b915c3c3067067e9c124b1a1a33439c3e07af74381ea28cdbd1dc80c6a5d2001afd682e3d30e3b925e7efe0a7a2226e9ee894ee32c13

  • SSDEEP

    49152:01TGnIEL6UJrBhTWiv3rOPjbl3egrmbXgZg2+Jc:cTAIEL6UJ1hTWiaPjbl3ebb6F

Score
10/10
lummadiscoveryevasionstealer

Malware Config

Extracted

Family

lumma

C2

https://pollution-raker.cyou/api

https://hosue-billowy.cyou/api

https://ripe-blade.cyou/api

https://smash-boiling.cyou/api

https://supporse-comment.cyou/api

https://greywe-snotty.cyou/api

https://steppriflej.xyz/api

https://sendypaster.xyz/api

https://cuddlyready.xyz/api

Targets

    • Target

      43917446f022a9526e726ef8f1b80f8076118c789be40246f3b2b6f644f6e077N.exe

    • Size

      1.8MB

    • MD5

      f0b8cca9834c699f7d68a7e4596e8d70

    • SHA1

      b90fe174a6df530f8975b5ae2b3bc44e0260b013

    • SHA256

      43917446f022a9526e726ef8f1b80f8076118c789be40246f3b2b6f644f6e077

    • SHA512

      a09ecdd671ab44cbccf0b915c3c3067067e9c124b1a1a33439c3e07af74381ea28cdbd1dc80c6a5d2001afd682e3d30e3b925e7efe0a7a2226e9ee894ee32c13

    • SSDEEP

      49152:01TGnIEL6UJrBhTWiv3rOPjbl3egrmbXgZg2+Jc:cTAIEL6UJ1hTWiaPjbl3ebb6F

    Score
    10/10
    lummadiscoveryevasionstealer

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

      stealerlumma

    • Lumma family

      lumma

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks