General

  • Target: random.exe
  • Size: 1.8MB
  • Sample: 250701-jcjfeahj2t
  • MD5: 6e8ac9864a04b5503c7b9a698baef1c8
  • SHA1: d09ff908144da82e5854213b0ca2ad26098d97ad
  • SHA256: 5b74aa460447f063f9b677b8b6dedcaf31bcb43a9e9d818a73fe3414cda310d6
  • SHA512: ebb40c4e222a1e23d8c630144cc77e964473fef3df2ce3195e2537178e955185dbbf243129134f8932af377a8b13b74c2a0b6a0d30bba92ce2536170d7b8094c
  • SSDEEP: 49152:tnS+HkNRBvmU1rkeih5KeAfsNzSzTFsOl5vp++JJWYAZ:tnSY0vmokeiAfs5wThl5vTAZ

Malware Config

Extracted

  • Family: lumma
  • C2:
Attributes

  • build_id: f749b04b36704a68c10db775308de2d905dadcc826

Targets

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Lumma family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v16

Tasks