General
Target: db2bc2c2bda7cd2ed9b76e8e76e13640743941c1849bc270cf8b64b49056c9b2
Size: 1.8MB
Sample: 250128-ejt39sxjcn
MD5: 37ff3825e8f94affb7585c985ee59282
SHA1: e568f53fac0b3ce34fe14e2626fef53ce7ef115e
SHA256: db2bc2c2bda7cd2ed9b76e8e76e13640743941c1849bc270cf8b64b49056c9b2
SHA512: 01a4d8108d3c6df3741ea7060e13a09f28d653b9291f386952c1b4b72db70d76d82317d937f6fc5124c7aa44a5184a1927c6c07ee018de9c055ad40cec4b03ff
SSDEEP: 49152:HGhcXypZv84mnsXWEmoJ11ILQHoGWKSF6lm+y2e:HPCXvYsXpRMUo2SMO
Static task: static1
Behavioral task: behavioral1
  Sample: db2bc2c2bda7cd2ed9b76e8e76e13640743941c1849bc270cf8b64b49056c9b2.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: db2bc2c2bda7cd2ed9b76e8e76e13640743941c1849bc270cf8b64b49056c9b2.exe
  Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: lumma
C2: https://toppyneedus.biz/api
Targets
Target: db2bc2c2bda7cd2ed9b76e8e76e13640743941c1849bc270cf8b64b49056c9b2
Score: 10/10
Signatures:
- Lumma family
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger
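The four evasion signatures above describe registry and API probes that a behavioral sandbox records. The following added example (not code from this report or from the sandbox that produced it) runs that detection logic over a constructed registry/API access log and tags each process with the checks it performs. The log format (pid, operation, detail, tab-separated), the tag names and the two-check threshold are assumptions for illustration; the registry paths are the well-known VirtualBox ACPI table names, BIOS description values and Wine vendor keys that anti-VM code reads, and ThreadHideFromDebugger is the documented NtSetInformationThread class (0x11).

```python
"""Detection logic for the sandbox-evasion signatures listed above.

Added example, not code from the report or its sandbox. It scans a
constructed registry/API access log (assumed format:
pid<TAB>operation<TAB>detail) and tags each process with the evasion
checks it performs.
"""
import re
from collections import defaultdict

# Registry locations behind the report's signatures. The tag names are
# assumed for this example; the paths are the VirtualBox ACPI table names,
# BIOS description values and Wine vendor keys that anti-VM code reads.
REGISTRY_PATTERNS = {
    "virtualbox_acpi": re.compile(
        r"\\HARDWARE\\ACPI\\(?:DSDT|FADT|RSDT)\\VBOX__", re.IGNORECASE),
    "bios_info": re.compile(
        r"\\HARDWARE\\DESCRIPTION\\System\\"
        r"(?:SystemBiosVersion|VideoBiosVersion|SystemBiosDate)$", re.IGNORECASE),
    "wine": re.compile(r"\\Software\\Wine(?:\\|$)", re.IGNORECASE),
}

# API-level checks: (operation name, pattern over the logged detail string).
API_PATTERNS = {
    "hide_from_debugger": ("NtSetInformationThread",
                           re.compile(r"ThreadHideFromDebugger", re.IGNORECASE)),
}

# Constructed sample log, not a real capture. pid 4120 behaves like the
# sample in this report; pid 988 is a benign process reading ordinary keys.
SAMPLE_LOG = (
    "4120\tRegOpenKey\tHKLM\\HARDWARE\\ACPI\\DSDT\\VBOX__\n"
    "4120\tRegQueryValue\tHKLM\\HARDWARE\\DESCRIPTION\\System\\SystemBiosVersion\n"
    "4120\tRegQueryValue\tHKLM\\HARDWARE\\DESCRIPTION\\System\\VideoBiosVersion\n"
    "4120\tRegOpenKey\tHKCU\\Software\\Wine\n"
    "4120\tRegOpenKey\tHKLM\\Software\\Wine\n"
    "4120\tNtSetInformationThread\tThreadInformationClass=ThreadHideFromDebugger (0x11)\n"
    "988\tRegQueryValue\tHKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProductName\n"
    "988\tRegOpenKey\tHKLM\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0\n"
    "malformed line without tabs\n"
)


def parse_line(line):
    """Split one 'pid<TAB>operation<TAB>detail' record; None for blank or malformed lines."""
    parts = line.rstrip("\r\n").split("\t")
    if len(parts) != 3 or not parts[0].isdigit():
        return None
    return int(parts[0]), parts[1], parts[2]


def classify_event(operation, detail):
    """Names of every evasion check this single event matches (sorted, may be empty)."""
    tags = [name for name, rx in REGISTRY_PATTERNS.items() if rx.search(detail)]
    for name, (api, rx) in API_PATTERNS.items():
        if operation == api and rx.search(detail):
            tags.append(name)
    return sorted(tags)


def scan_log(text):
    """Group evasion hits per process: {pid: {tag: [matching detail strings]}}."""
    hits = defaultdict(lambda: defaultdict(list))
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip junk rather than abort the whole scan
        pid, operation, detail = rec
        for tag in classify_event(operation, detail):
            hits[pid][tag].append(detail)
    return {pid: dict(tags) for pid, tags in hits.items()}


def verdict(process_hits, threshold=2):
    """Flag a process that performs at least `threshold` distinct checks.

    The threshold is an assumption for this example, not the sandbox's own scoring.
    """
    return "likely anti-VM/anti-debug" if len(process_hits) >= threshold else "inconclusive"


if __name__ == "__main__":
    for pid, tags in sorted(scan_log(SAMPLE_LOG).items()):
        print(pid, verdict(tags), sorted(tags))
```

Processes with no hits never appear in the result, so a benign process that reads CentralProcessor or ProductName keys is not flagged; a single BIOS read alone also stays "inconclusive", since many legitimate installers query it, and only the combination of distinct checks reaches the verdict.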
MITRE ATT&CK Enterprise v15
Defense Evasion
- Modify Registry (1)
- Subvert Trust Controls (1)
  - Install Root Certificate (1)
- Virtualization/Sandbox Evasion (2)