Unveiling LummaC2 stealer’s novel Anti-Sandbox technique: Leveraging trigonometry for human behavior detection [Wednesday, November 22, 2023]

Report


Description:
In this blog post, Outpost24 takes a deep dive into a new anti-sandbox technique that the LummaC2 v4.0 stealer uses to avoid detonating when no human mouse activity is detected. So that the analysis can be reproduced, Outpost24 also examines the packer and the new Control Flow Flattening obfuscation in LummaC2 v4.0 (present in all samples by default), both of which must be handled before the malware can be analyzed effectively. Analysis of the packer is also relevant because the threat actor selling LummaC2 v4.0 strongly discourages distributing the malware in its unpacked form.

Published:
2023-11-22T14:20:17.452Z

Created:
2023-11-22T14:20:17.452Z

Modified:
2023-11-22T14:28:40.741Z

Tags

  • lummac2
  • anti-sandbox

Indicators

Domains:
  • gogobad.fun
  • curtainjors.fun
  • superyupp.fun
Hashes:
  • 4408ce79e355f153fa43c05c582d4e264aec435cf5575574cb85dfe888366f86
  • b14ddf64ace0b5f0d7452be28d07355c1c6865710dbed84938e2af48ccaa46cf
  • 976c8df8c33ec7b8c6b5944a5caca5631f1ec9d1d528b8a748fee6aae68814e3
  • de6c4c3ddb3a3ddbcbea9124f93429bf987dcd8192e0f1b4a826505429b74560
Attack Patterns (MITRE ATT&CK technique IDs):
  • T1057
  • T1003
  • T1497
  • T1056
  • T1027
  • T1104
  • T1218
External References:


About the author
Julien B.
