General
-
Target
a836f872baf8f983a1e9ddd0e894bdabb7d304bc5e05ee6ff88b3e8148b32431.exe
-
Size
3.0MB
-
Sample
250109-fxsb9ssleq
-
MD5
34ab083f9bee0579926c09d5c7f31c89
-
SHA1
8e0bca2bd41f22b34b4e928d6ea19e441eb01db9
-
SHA256
a836f872baf8f983a1e9ddd0e894bdabb7d304bc5e05ee6ff88b3e8148b32431
-
SHA512
fdc34d59ee010a2525ecdcf36c8b00da047cd1b3a98d59ec3601dd9c782fce11259a0bbc8b13cfb6d18b161f9adf81a1b2ad7a19d067ebf9b78b2800b5b258ed
-
SSDEEP
49152:8SkbCn3iMUi6XMUhRKOgKPm0oIWOFgiEg0qTh1m+v4E9CHE:x0Cn3iMUi/MYHWKIWO/ESDmEP
Malware Config
Extracted
lumma
https://cloudewahsj.shop/api
https://rabidcowse.shop/api
https://noisycuttej.shop/api
https://tirepublicerj.shop/api
https://framekgirus.shop/api
https://wholersorie.shop/api
https://abruptyopsn.shop/api
https://nearycrepso.shop/api
https://fancywaxxers.shop/api
Targets
-
-
Target
a836f872baf8f983a1e9ddd0e894bdabb7d304bc5e05ee6ff88b3e8148b32431.exe
-
Size
3.0MB
-
MD5
34ab083f9bee0579926c09d5c7f31c89
-
SHA1
8e0bca2bd41f22b34b4e928d6ea19e441eb01db9
-
SHA256
a836f872baf8f983a1e9ddd0e894bdabb7d304bc5e05ee6ff88b3e8148b32431
-
SHA512
fdc34d59ee010a2525ecdcf36c8b00da047cd1b3a98d59ec3601dd9c782fce11259a0bbc8b13cfb6d18b161f9adf81a1b2ad7a19d067ebf9b78b2800b5b258ed
-
SSDEEP
49152:8SkbCn3iMUi6XMUhRKOgKPm0oIWOFgiEg0qTh1m+v4E9CHE:x0Cn3iMUi/MYHWKIWO/ESDmEP
Score10/10-
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
-
Lumma family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-