Yes, it’s certainly technically possible. For instance, the cetrtificate for Microsoft Outlook Web Access (https://outlook.office365.com) was issued to outlook.com, and has a combination of wildcarded and non-wildcarded names in the SAN section:
DNS Name=outlook.com
DNS Name=*.outlook.com
DNS Name=office365.com
DNS Name=*.office365.com
DNS Name=*.live.com
DNS Name=*.internal.outlook.com
DNS Name=*.outlook.office365.com
DNS Name=outlook.office.com
DNS Name=attachment.outlook.office.net
DNS Name=attachment.outlook.officeppe.net
Of course, as pointed out above, this cert was issued by Microsoft themselves, so they can pretty much do what they want.