General
-
Target
random.exe
-
Size
1.8MB
-
Sample
250410-xg3lqszwc1
-
MD5
547350387f23038a7980fef5fbc5c8a7
-
SHA1
715d49ff7b9ac4bc75ffb833dd14341770365b17
-
SHA256
4279c12d216955cfb73bc61128f9ac2741ef3c0d5eb0efdac63acc7647e4bcd2
-
SHA512
76edb8d3238a152f9ffaf57a5d41e0a2523bef374a44f1bbe480f8c60fe693f77e38482a8b660fd2299d5f78b72cbfe8e37a556868d8b7b9f582595af1886c02
-
SSDEEP
49152:Jh3D1uwWID+mbDWRzlXpTzSN8FVPvGuIP:JNFD+nhpCWFp+uIP
Static task
static1
Behavioral task
behavioral1
Sample
random.exe
Resource
win10v2004-20250314-en
Malware Config
Extracted
lumma
Targets
-
-
Target
random.exe
Score
10/10
-
Lumma family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-