General
-
Target
Sigmanly_cd283bf16bfab72d46edbd4572150e3b287e5bafc7c41efcb4b61fc4529a571c
-
Size
2.7MB
-
Sample
250107-qnrdqavlgp
-
MD5
f3b7bd1924e88e3cc7aa4da8d60f277a
-
SHA1
b24720d9176fd93288a7f648bd4017b493b8161f
-
SHA256
cd283bf16bfab72d46edbd4572150e3b287e5bafc7c41efcb4b61fc4529a571c
-
SHA512
c711b3c19715258211aa06b795224330d80eab43305a8610aa138411825e1c438ecb3454740869a5c82b1973f5d2b52b9355ac8aa31bdaa452cec305c41f933f
-
SSDEEP
49152:NXocJuoyj52VYiOzF3cucsEDHBRWbRtQ/Z5b:TJuoyj52VYiecHsWR2gB5b
Malware Config
Extracted
lumma
https://hummskitnj.buzz/api
https://cashfuzysao.buzz/api
https://appliacnesot.buzz/api
https://screwamusresz.buzz/api
https://inherineau.buzz/api
https://scentniej.buzz/api
https://rebuildeso.buzz/api
https://prisonyfork.buzz/api
https://mindhandru.buzz/api
Targets
-
-
Target
Sigmanly_cd283bf16bfab72d46edbd4572150e3b287e5bafc7c41efcb4b61fc4529a571c
-
Size
2.7MB
-
MD5
f3b7bd1924e88e3cc7aa4da8d60f277a
-
SHA1
b24720d9176fd93288a7f648bd4017b493b8161f
-
SHA256
cd283bf16bfab72d46edbd4572150e3b287e5bafc7c41efcb4b61fc4529a571c
-
SHA512
c711b3c19715258211aa06b795224330d80eab43305a8610aa138411825e1c438ecb3454740869a5c82b1973f5d2b52b9355ac8aa31bdaa452cec305c41f933f
-
SSDEEP
49152:NXocJuoyj52VYiOzF3cucsEDHBRWbRtQ/Z5b:TJuoyj52VYiecHsWR2gB5b
Score10/10-
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
-
Lumma family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
1Subvert Trust Controls
1Install Root Certificate
1Virtualization/Sandbox Evasion
2