General
-
Target
Sigmanly_1ad8785caeb519b67ea168477437d8166d9747196a46d22313f48eb4ab86fec8
-
Size
5.9MB
-
Sample
250106-q6esmszqdn
-
MD5
a99adad8a9f9f1d9dcce30c42dd4be3a
-
SHA1
62a01c957ca7d637a1d8090475c4ef2843100bb8
-
SHA256
1ad8785caeb519b67ea168477437d8166d9747196a46d22313f48eb4ab86fec8
-
SHA512
ef4d785015f24cdf4339e9ab0ce8f824456e3b60d9d605fedaeec2403797b4490949bebb248cc076d1fa3d031f82eb86d517bc1cdb4e009e413433d84a29b20c
-
SSDEEP
98304:Xez8a1mzYrkxZ8VYKOwErakov9RUxHJTjrhrpLpMOz8C+kj36YtKonKG6Lq7zzYf:Xez12Yo38VLEraBA3nhLMOJ+I3NtKonr
Malware Config
Extracted
lumma
Targets
-
-
Target
Sigmanly_1ad8785caeb519b67ea168477437d8166d9747196a46d22313f48eb4ab86fec8
-
Size
5.9MB
-
MD5
a99adad8a9f9f1d9dcce30c42dd4be3a
-
SHA1
62a01c957ca7d637a1d8090475c4ef2843100bb8
-
SHA256
1ad8785caeb519b67ea168477437d8166d9747196a46d22313f48eb4ab86fec8
-
SHA512
ef4d785015f24cdf4339e9ab0ce8f824456e3b60d9d605fedaeec2403797b4490949bebb248cc076d1fa3d031f82eb86d517bc1cdb4e009e413433d84a29b20c
-
SSDEEP
98304:Xez8a1mzYrkxZ8VYKOwErakov9RUxHJTjrhrpLpMOz8C+kj36YtKonKG6Lq7zzYf:Xez12Yo38VLEraBA3nhLMOJ+I3NtKonr
Score10/10-
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
-
Lumma family
-
Enumerates VirtualBox registry keys
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-