General
-
Target
Sigmanly_9505a5fbc4cf4f2d4b7a308621fd3ab36685ec654b61b78942f5db428ddff2e1
-
Size
2.8MB
-
Sample
250105-yzsd6axjcm
-
MD5
21707cd3b6dddc2414d474fb4e867a09
-
SHA1
631f4576c8781fd3811a3d090359508c064b4369
-
SHA256
9505a5fbc4cf4f2d4b7a308621fd3ab36685ec654b61b78942f5db428ddff2e1
-
SHA512
172e8ad048f45de180b494221c2850dcc063894b621256af2b7b2239d8f1d68fe5ba7cd7e51f9f42c0b40ca50cba91a57ec7ffed9e78f64fe9142ad18a8a969f
-
SSDEEP
49152:6T9P+asnVhFj2crMUPhEtR9w6SMM43h/XSl:6TQasnVhFj2+phUR9w6SMb3h
Malware Config
Extracted
lumma
https://hummskitnj.buzz/api
https://cashfuzysao.buzz/api
https://appliacnesot.buzz/api
https://screwamusresz.buzz/api
https://inherineau.buzz/api
https://scentniej.buzz/api
https://rebuildeso.buzz/api
https://prisonyfork.buzz/api
https://mindhandru.buzz/api
Targets
-
-
Target
Sigmanly_9505a5fbc4cf4f2d4b7a308621fd3ab36685ec654b61b78942f5db428ddff2e1
-
Size
2.8MB
-
MD5
21707cd3b6dddc2414d474fb4e867a09
-
SHA1
631f4576c8781fd3811a3d090359508c064b4369
-
SHA256
9505a5fbc4cf4f2d4b7a308621fd3ab36685ec654b61b78942f5db428ddff2e1
-
SHA512
172e8ad048f45de180b494221c2850dcc063894b621256af2b7b2239d8f1d68fe5ba7cd7e51f9f42c0b40ca50cba91a57ec7ffed9e78f64fe9142ad18a8a969f
-
SSDEEP
49152:6T9P+asnVhFj2crMUPhEtR9w6SMM43h/XSl:6TQasnVhFj2+phUR9w6SMb3h
Score10/10-
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
-
Lumma family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-