General

  • Target

    random.exe

  • Size

    1.8MB

  • Sample

    250121-y7tl7azjas

  • MD5

    d3ec140976bd34429802fc0553ad88fd

  • SHA1

    50a32ecc6bbfd3b03d12ca3e6081a52855b17809

  • SHA256

    700f4ab87c722b2b6d3a431f9d953eed09c9f029112d72c539a3e264c297b342

  • SHA512

    b8658d24af02a99f4f38454dc9ca5de9d1de49918c8a043e07d585b3859c62b767bcae158659f781dc643293f340baa874b52effd9b9008fa48275c3e4d99716

  • SSDEEP

    49152:jC/RE+CskW8V7Nh72MqtF3RuEmi9NXQA:eZeWuNJ2TuuN

Malware Config

Extracted

Family

lumma

C2

https://suggestyuoz.biz/api

Targets

    • Lumma Stealer, LummaC

      Lumma, or LummaC, is an infostealer written in C++ and first seen in August 2022.

    • Lumma family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15
