7c792e511605657c9ea000df961649c8564abf29835ff31b6a24575ec804818e | Triage

Sharing

General

Target

Lumina.exe
Size

12.9MB
Sample

240919-ecfmaszanh
MD5

2701508afb760aa5d0f58a59364327e6
SHA1

56fb1d882761d666be4b07e7744d1ae826c5323b
SHA256

7c792e511605657c9ea000df961649c8564abf29835ff31b6a24575ec804818e
SHA512

1042aaf87a04fff632914b069604916018d009d227d536c175b9da3250aa2e754cf95facb00a2cf738d4e587849edcfb05e97e3a1ab5aaaa5f77bc0114ef30c1
SSDEEP

393216:lxU3LGjuWBBYAV6xBQBkhbLI/4IZOH+hAhTvB:lXBBBj6xWBiwgyOH+hCTvB

Score

9^/10

evasion execution persistence trojan

Malware Config

Targets

- Target
  
  Lumina.exe
- Size
  
  12.9MB
- MD5
  
  2701508afb760aa5d0f58a59364327e6
- SHA1
  
  56fb1d882761d666be4b07e7744d1ae826c5323b
- SHA256
  
  7c792e511605657c9ea000df961649c8564abf29835ff31b6a24575ec804818e
- SHA512
  
  1042aaf87a04fff632914b069604916018d009d227d536c175b9da3250aa2e754cf95facb00a2cf738d4e587849edcfb05e97e3a1ab5aaaa5f77bc0114ef30c1
- SSDEEP
  
  393216:lxU3LGjuWBBYAV6xBQBkhbLI/4IZOH+hAhTvB:lXBBBj6xWBiwgyOH+hCTvB
Score

9^/10

evasion execution persistence trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Creates new service(s)
  persistence execution
- Drops file in Drivers directory
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionexecutionpersistencetrojan