lumma | 540319216f35894c8d8252208fb9d8aa9414f9805d7ce0bf3c674c0dfafedb4c | Triage

Sharing

General

Target

Sigmanly_540319216f35894c8d8252208fb9d8aa9414f9805d7ce0bf3c674c0dfafedb4c
Size

1.8MB
Sample

250105-lbxmrasjen
MD5

a95fc73c07c7d57256de64b06e73a6cd
SHA1

b5b823520691853414948ed9b962e3cf886b868c
SHA256

540319216f35894c8d8252208fb9d8aa9414f9805d7ce0bf3c674c0dfafedb4c
SHA512

04462857b8574fdc3ef84ff0b7842ee7c64d264c70c2a28c842edaed23f7cc4f15fb0efdfcdea2ec87248be1c1c2f1bc1392c7b49221808b95a3e54cbb1f24a0
SSDEEP

49152:dB3O3/EYz6z5Mhc1XpL9z9zQiK33c8ez0C/JIg5:Xa//6z5R9p8iKcb0kJT5

Score

10^/10

lumma discovery evasion stealer

Malware Config

Extracted

Family

lumma

C2

https://hummskitnj.buzz/api

https://cashfuzysao.buzz/api

https://appliacnesot.buzz/api

https://screwamusresz.buzz/api

https://inherineau.buzz/api

https://scentniej.buzz/api

https://rebuildeso.buzz/api

https://prisonyfork.buzz/api

https://mindhandru.buzz/api

Targets

- Target
  
  Sigmanly_540319216f35894c8d8252208fb9d8aa9414f9805d7ce0bf3c674c0dfafedb4c
- Size
  
  1.8MB
- MD5
  
  a95fc73c07c7d57256de64b06e73a6cd
- SHA1
  
  b5b823520691853414948ed9b962e3cf886b868c
- SHA256
  
  540319216f35894c8d8252208fb9d8aa9414f9805d7ce0bf3c674c0dfafedb4c
- SHA512
  
  04462857b8574fdc3ef84ff0b7842ee7c64d264c70c2a28c842edaed23f7cc4f15fb0efdfcdea2ec87248be1c1c2f1bc1392c7b49221808b95a3e54cbb1f24a0
- SSDEEP
  
  49152:dB3O3/EYz6z5Mhc1XpL9z9zQiK33c8ez0C/JIg5:Xa//6z5R9p8iKcb0kJT5
Score

10^/10

lumma discovery evasion stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoveryevasionstealer

behavioral2

lummadiscoveryevasionstealer