General
-
Target
Sigmanly_147e5a90a4aa996af89ed826f3ce38c8626fe94a291568c45c8df009f9f4b814
-
Size
5.9MB
-
Sample
250107-y6s92axkcw
-
MD5
e005ba79c9ed37cf2f37fd4dd51fc287
-
SHA1
efbebac49553150c0b53f173ed5ec56d6977754a
-
SHA256
147e5a90a4aa996af89ed826f3ce38c8626fe94a291568c45c8df009f9f4b814
-
SHA512
a1c0ad22c99e7e1b6649567d17ca7a662f1fcc0616af47bc264cf92a1ff7c8d2242e23c8c0be83309457d58a376cdf743cd93a868d69ad166bed1c08107ed132
-
SSDEEP
98304:JLaNOPPdaK7N6F7ZnwnBwZuMDmVPA3FsNnACSAHeemiGW1k1o8jaUaKgLRrKSpOY:JLTNaKU1ZwiilP9AC7Ho/G8mUa1Lt7pN
Malware Config
Extracted
lumma
Targets
-
-
Target
Sigmanly_147e5a90a4aa996af89ed826f3ce38c8626fe94a291568c45c8df009f9f4b814
-
Size
5.9MB
-
MD5
e005ba79c9ed37cf2f37fd4dd51fc287
-
SHA1
efbebac49553150c0b53f173ed5ec56d6977754a
-
SHA256
147e5a90a4aa996af89ed826f3ce38c8626fe94a291568c45c8df009f9f4b814
-
SHA512
a1c0ad22c99e7e1b6649567d17ca7a662f1fcc0616af47bc264cf92a1ff7c8d2242e23c8c0be83309457d58a376cdf743cd93a868d69ad166bed1c08107ed132
-
SSDEEP
98304:JLaNOPPdaK7N6F7ZnwnBwZuMDmVPA3FsNnACSAHeemiGW1k1o8jaUaKgLRrKSpOY:JLTNaKU1ZwiilP9AC7Ho/G8mUa1Lt7pN
Score10/10-
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
-
Lumma family
-
Enumerates VirtualBox registry keys
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-