General
-
Target
79a68cdabfed0db4f35af981d8d44889d3124100bffcb1a7fb6473da67804394.zip
-
Size
4KB
-
Sample
241006-bm22haydjk
-
MD5
5631d3a0074b6c93d537ca6974e518cd
-
SHA1
b3141c9824cda0b4bd88af8dcc37389353b98817
-
SHA256
79a68cdabfed0db4f35af981d8d44889d3124100bffcb1a7fb6473da67804394
-
SHA512
6fd5927d1836325f4866f7e95528f1a4d4cecebd0cb66c1ccea29d8697691c5192d954af6052782ee8f38b4a930d885732f9032302f2aa88f1750fc47132c64c
-
SSDEEP
96:ghMjbwQROK0RKz1Eu6SxB6JdysqDAbszKoddVesqFKg6WYof9w4AqOAPdc7x4K:L+R+16SxwdcDAbszxqmxoe4AqvPG
Static task
static1
Behavioral task
behavioral1
Sample
bomb.exe
Resource
win7-20240903-en
Malware Config
Extracted
lumma
Targets
-
-
Target
bomb.exe
-
Size
12KB
-
MD5
55dba6e7aa4e8cc73415f4e3f9f6bdae
-
SHA1
87c9f29d58f57a5e025061d389be2655ee879d5d
-
SHA256
3cea805f1396df15bdbcd4317388a046a41a6079dba04576a58ba7b2c812338a
-
SHA512
f2eb91e812b2ba58c4309fd44edadc8977367c7d9d6214d7e70a0392ae8427d570746ae57cca68dc260901f664f2e8c6c5387118ff01d243abeb5680abe2a352
-
SSDEEP
192:vnpYaU28zxHdo4ZMgQl9q+4ua7HhdSbwxz1ULU87glpK/b26J4Uf1XXr5:vWZdoWMR96uaLhM6ULU870gJR
-
Modifies security service
-
Phorphiex payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Downloads MZ/PE file
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1PowerShell
1System Services
1Service Execution
1Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2Defense Evasion
Impair Defenses
3Disable or Modify Tools
2Modify Registry
4Virtualization/Sandbox Evasion
2