General
-
Target
Sigmanly_aea1e74825e2d187e04a81bb5ce56593f5769c4b86218e5fc820d900801abdb4
-
Size
5.9MB
-
Sample
250105-px53ssvjcs
-
MD5
8e9ea8e0e87ddaecdbb57823ead16033
-
SHA1
55a9f08b8cb50a2712f74ade216571f823c0a1fd
-
SHA256
aea1e74825e2d187e04a81bb5ce56593f5769c4b86218e5fc820d900801abdb4
-
SHA512
340318b2a5e170e886161cfb4576beb6dac2f478dc872c29d89be549c1dc29ed9c612540e4c14b004910d139c490f5f0a235f150fa91cb2c62f66c0e12f6a9bb
-
SSDEEP
98304:h2VWpbVhslST57nFGCGpNjLr9Bp7QSL4Jfgvklfl3ayZbaShUbO5kuNEJ/e6BiM:h2VWalSFLJG73rGgMJl3baE3iJmei
Malware Config
Extracted
lumma
Targets
-
-
Target
Sigmanly_aea1e74825e2d187e04a81bb5ce56593f5769c4b86218e5fc820d900801abdb4
-
Size
5.9MB
-
MD5
8e9ea8e0e87ddaecdbb57823ead16033
-
SHA1
55a9f08b8cb50a2712f74ade216571f823c0a1fd
-
SHA256
aea1e74825e2d187e04a81bb5ce56593f5769c4b86218e5fc820d900801abdb4
-
SHA512
340318b2a5e170e886161cfb4576beb6dac2f478dc872c29d89be549c1dc29ed9c612540e4c14b004910d139c490f5f0a235f150fa91cb2c62f66c0e12f6a9bb
-
SSDEEP
98304:h2VWpbVhslST57nFGCGpNjLr9Bp7QSL4Jfgvklfl3ayZbaShUbO5kuNEJ/e6BiM:h2VWalSFLJG73rGgMJl3baE3iJmei
Score10/10-
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
-
Lumma family
-
Enumerates VirtualBox registry keys
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-