General
-
Target
17f2ee4a3eb6cebeb44bbbc6fcb052e36eb8f8a9aab4137e97f3cb6705acb2b2N.exe
-
Size
1.8MB
-
Sample
250104-tlfe8aynam
-
MD5
3dc6385c356b2dc545daa1427f2ffe60
-
SHA1
78b6bde1656d34d552364c53566a9b798828a539
-
SHA256
17f2ee4a3eb6cebeb44bbbc6fcb052e36eb8f8a9aab4137e97f3cb6705acb2b2
-
SHA512
4e8be2f43d1ddf581e764a955cbae665f63d9488da12ecdbc1d4385850855b40384ebcf7bd744c3680c79b79f04d90973e77332cc392fd6a8defa4de55e39caf
-
SSDEEP
49152:t4cAb3yEXzgydU4fY713Wc+qkRvq9Cu39+Sj:+LjXzz671ERvq9t3p
Static task
static1
Behavioral task
behavioral1
Sample
17f2ee4a3eb6cebeb44bbbc6fcb052e36eb8f8a9aab4137e97f3cb6705acb2b2N.exe
Resource
win7-20241010-en
Malware Config
Extracted
lumma
Targets
-
Lumma family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-