General
-
Target
NOPRR_random.exe
-
Size
1.8MB
-
Sample
250410-xq9fmsznx7
-
MD5
0f2c66c4776b2147eaa133ba0daead8f
-
SHA1
a7fd7d1905ab19dd8b42b750b2427050487262fa
-
SHA256
7abbcb14d60bd3acf2e4ed1153ab88c3356276c850cf6da36107ecc4d3a84b49
-
SHA512
9541fb255245ac8e89e1f187f6c4534ea82e5734bf4ec74d97feffcb7110a3beccab4935376c4f17d2c71ecdd8ec4dc2f38764ce46b87b79be65e91b59027388
-
SSDEEP
49152:WakSFAlbvRCmPJseKride+49E9ZDaPYx:WaZ+lzRCmPJyH9XQ
Malware Config
Extracted
lumma
https://rodformi.run/aUosoz
https://metalsyo.digital/opsa
https://ironloxp.live/aksdd
https://navstarx.shop/FoaJSi
https://wstarcloc.bet/GOksAo
https://advennture.top/GKsiio
https://atargett.top/dsANGt
https://spacedbv.world/EKdlsk
https://galxnetb.today/GsuIAo
Targets
-
-
Target
NOPRR_random.exe
-
Size
1.8MB
-
MD5
0f2c66c4776b2147eaa133ba0daead8f
-
SHA1
a7fd7d1905ab19dd8b42b750b2427050487262fa
-
SHA256
7abbcb14d60bd3acf2e4ed1153ab88c3356276c850cf6da36107ecc4d3a84b49
-
SHA512
9541fb255245ac8e89e1f187f6c4534ea82e5734bf4ec74d97feffcb7110a3beccab4935376c4f17d2c71ecdd8ec4dc2f38764ce46b87b79be65e91b59027388
-
SSDEEP
49152:WakSFAlbvRCmPJseKride+49E9ZDaPYx:WaZ+lzRCmPJyH9XQ
Score10/10-
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
-
Lumma family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-