Overview

overview

10

Static

static

3

random[1].exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    random[1].exe

  • Size

    3.0MB

  • Sample

    250109-hv9vmsvmhr

  • MD5

    c77592f28d3267b7c5e0529b6741548a

  • SHA1

    e0a741dbbdd703b9254e5613b36dc727262c1efc

  • SHA256

    739345a9fa6a95c79e3aaf761a810e917492c2072330ec5bb058447b9d56ea62

  • SHA512

    5286b4313116ac2fd7096e5c60bf4a221e4efba3ce15cabd7ba79432ab62e77518244ec7d89b24bc4cffd9cb5c21f67c10dd3434ecf6f5cb94c5aab1e4134314

  • SSDEEP

    49152:kkIlQwjVgzA0wb9Ah375vpndrsYtS8EACCRG0g+/yWXPifETW:slngzby9AhFvpndgYt/Eirgiph

Score
10/10
lummadiscoveryevasionstealer

Malware Config

Extracted

Family

lumma

C2

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

https://fancywaxxers.shop/api

Targets

    • Target

      random[1].exe

    • Size

      3.0MB

    • MD5

      c77592f28d3267b7c5e0529b6741548a

    • SHA1

      e0a741dbbdd703b9254e5613b36dc727262c1efc

    • SHA256

      739345a9fa6a95c79e3aaf761a810e917492c2072330ec5bb058447b9d56ea62

    • SHA512

      5286b4313116ac2fd7096e5c60bf4a221e4efba3ce15cabd7ba79432ab62e77518244ec7d89b24bc4cffd9cb5c21f67c10dd3434ecf6f5cb94c5aab1e4134314

    • SSDEEP

      49152:kkIlQwjVgzA0wb9Ah375vpndrsYtS8EACCRG0g+/yWXPifETW:slngzby9AhFvpndgYt/Eirgiph

    Score
    10/10
    lummadiscoveryevasionstealer

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

      stealerlumma

    • Lumma family

      lumma

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks