General
-
Target
91ceab9f2eb7193a306a623f99a36fc179b5f3bea962800938bb164e820e3c57N.exe
-
Size
1.8MB
-
Sample
250111-hp9bxszlas
-
MD5
63dc3f178f82a84daa07dc961eafbf10
-
SHA1
cd871d69e85e1c0d9bbb5e0e5344f277c3b6506e
-
SHA256
91ceab9f2eb7193a306a623f99a36fc179b5f3bea962800938bb164e820e3c57
-
SHA512
3f5ae05fa275d29ab2a4d11895df789d9598e0a212a39e3207eff219afc3880e7a9cbc8844600d2851a43930934a18672ade860cf40e3d39cd8c90ef5856a320
-
SSDEEP
49152:57qBbf+wIVJK33+NQAISbPYOh0IK+I5vC4u1BeDp4XKI6GsZK99:0Bbfr8KIQABPYOhDT+ZVc99
Malware Config
Extracted
lumma
https://cloudewahsj.shop/api
https://rabidcowse.shop/api
https://noisycuttej.shop/api
https://tirepublicerj.shop/api
https://framekgirus.shop/api
https://wholersorie.shop/api
https://abruptyopsn.shop/api
https://nearycrepso.shop/api
https://fancywaxxers.shop/api
Targets
-
-
Target
91ceab9f2eb7193a306a623f99a36fc179b5f3bea962800938bb164e820e3c57N.exe
-
Size
1.8MB
-
MD5
63dc3f178f82a84daa07dc961eafbf10
-
SHA1
cd871d69e85e1c0d9bbb5e0e5344f277c3b6506e
-
SHA256
91ceab9f2eb7193a306a623f99a36fc179b5f3bea962800938bb164e820e3c57
-
SHA512
3f5ae05fa275d29ab2a4d11895df789d9598e0a212a39e3207eff219afc3880e7a9cbc8844600d2851a43930934a18672ade860cf40e3d39cd8c90ef5856a320
-
SSDEEP
49152:57qBbf+wIVJK33+NQAISbPYOh0IK+I5vC4u1BeDp4XKI6GsZK99:0Bbfr8KIQABPYOhDT+ZVc99
Score10/10-
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
-
Lumma family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
1Subvert Trust Controls
1Install Root Certificate
1Virtualization/Sandbox Evasion
2