General

  • Target

    d9f6408b67628d5618a4fbaba97404ac55988633ccb2a02a09c95b0b134bafc9

  • Size

    2.0MB

  • Sample

    230722-xjrbgsbg67

  • MD5

    8bb15c76e2d55780ced07a1a2c589486

  • SHA1

    1c28776b212347e0746743db176820aecfeb20ea

  • SHA256

    d9f6408b67628d5618a4fbaba97404ac55988633ccb2a02a09c95b0b134bafc9

  • SHA512

    516cdaa2fe2efcc18c5596723ce52f92b9f09b80a089b87e647e0ab807c69cc8e3310a894925674ad628baa32712e93074ffcc2e1a5fd61d5d2b15eb9b0a9a1d

  • SSDEEP

    49152:dusT49TJp6obw7prohAAGQFEVxYL+7vAzieEdfr:FaPtGXVKEvAz+dr

Malware Config

Targets

    • Target

      d9f6408b67628d5618a4fbaba97404ac55988633ccb2a02a09c95b0b134bafc9

    • Size

      2.0MB

    • MD5

      8bb15c76e2d55780ced07a1a2c589486

    • SHA1

      1c28776b212347e0746743db176820aecfeb20ea

    • SHA256

      d9f6408b67628d5618a4fbaba97404ac55988633ccb2a02a09c95b0b134bafc9

    • SHA512

      516cdaa2fe2efcc18c5596723ce52f92b9f09b80a089b87e647e0ab807c69cc8e3310a894925674ad628baa32712e93074ffcc2e1a5fd61d5d2b15eb9b0a9a1d

    • SSDEEP

      49152:dusT49TJp6obw7prohAAGQFEVxYL+7vAzieEdfr:FaPtGXVKEvAz+dr

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks