General
-
Target
1ffd04c4a58b2294203e7c08225ab9c921b3afa8944d65ada62795789d6f5d4e.exe
-
Size
1.8MB
-
Sample
250131-wbp8savkhp
-
MD5
6cfa2b1f1d325e183af9ce3a82801f5a
-
SHA1
866f3312dfc551debbe625596e00afcd60e37a0b
-
SHA256
1ffd04c4a58b2294203e7c08225ab9c921b3afa8944d65ada62795789d6f5d4e
-
SHA512
72251b07318736feb2d033d8b2af132fd7cc6431218363398c856fc1602f80c2b60b0e50f848642dc7258b217533938928daf2cf1f201e22390cac6e9f386dd4
-
SSDEEP
49152:HjXh+A2TdmlqA+/FBcqjgykJOrnydBCUq:HGTdmsP1jQVB2
Malware Config
Extracted
lumma
https://toppyneedus.biz/api
Targets
-
-
Target
1ffd04c4a58b2294203e7c08225ab9c921b3afa8944d65ada62795789d6f5d4e.exe
-
Size
1.8MB
-
MD5
6cfa2b1f1d325e183af9ce3a82801f5a
-
SHA1
866f3312dfc551debbe625596e00afcd60e37a0b
-
SHA256
1ffd04c4a58b2294203e7c08225ab9c921b3afa8944d65ada62795789d6f5d4e
-
SHA512
72251b07318736feb2d033d8b2af132fd7cc6431218363398c856fc1602f80c2b60b0e50f848642dc7258b217533938928daf2cf1f201e22390cac6e9f386dd4
-
SSDEEP
49152:HjXh+A2TdmlqA+/FBcqjgykJOrnydBCUq:HGTdmsP1jQVB2
Score10/10-
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
-
Lumma family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-