General

  • Target

    random.exe

  • Size

    1.8MB

  • Sample

    250121-y3bktazkgn

  • MD5

    10f6e997bed045a8c840b09bc411b19f

  • SHA1

    caf53afb90487800622d2bf05809921c6f565302

  • SHA256

    32b01a63cca8f2d7c6828280387e0c7e1a2c909a8e09b0d5f65e32d066e7ba7e

  • SHA512

    b50c19cf41e9c75feb21fd33eb5f9d7ac1f3756d200d433d31ffb3c6257a79afa8c66d4917c5379b6d352cc0c2cd6c5530a09b4b6d850f12234ccce03b963516

  • SSDEEP

    49152:3f803pPTEzyLob2TBQYIKdMTfvgG+zkg:3f80ZLtLbT0skv+zk

Malware Config

Extracted

Family

lumma

C2


Targets

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Lumma family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15
