Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    74d0b71e5910275bebd2a6a53a6576e243f39c29d69555308b4580a811ac3de0

  • Size

    1.7MB

  • Sample

    241010-b8z42atgmb

  • MD5

    95aa54bc96da077088a962a23fe7723b

  • SHA1

    84ec633a7aac5c9000f5e0e5f208fbff21f74dac

  • SHA256

    74d0b71e5910275bebd2a6a53a6576e243f39c29d69555308b4580a811ac3de0

  • SHA512

    32f33c48c5bb17b52e3036fe2aa6e52c03d68f3571276f96a9fbdbf56929910476e4d906be7b20dcd1dc9b64647c2abd43ed898ff58973cd8ec9d91695217280

  • SSDEEP

    49152:v0DiQxorcqhtEHp2yyUjv8UKWxaxx5ZIvYsBP2Op:2irNtqyUj0zW45UDB

Malware Config

Extracted

Family

lumma

C2

https://clearancek.site

https://licendfilteo.site

https://spirittunek.store

https://bathdoomgaz.store

https://studennotediw.store

https://dissapoiznw.store

https://eaglepawnoy.store

https://mobbipenju.store

Targets

    • Target

      74d0b71e5910275bebd2a6a53a6576e243f39c29d69555308b4580a811ac3de0

    • Size

      1.7MB

    • MD5

      95aa54bc96da077088a962a23fe7723b

    • SHA1

      84ec633a7aac5c9000f5e0e5f208fbff21f74dac

    • SHA256

      74d0b71e5910275bebd2a6a53a6576e243f39c29d69555308b4580a811ac3de0

    • SHA512

      32f33c48c5bb17b52e3036fe2aa6e52c03d68f3571276f96a9fbdbf56929910476e4d906be7b20dcd1dc9b64647c2abd43ed898ff58973cd8ec9d91695217280

    • SSDEEP

      49152:v0DiQxorcqhtEHp2yyUjv8UKWxaxx5ZIvYsBP2Op:2irNtqyUj0zW45UDB

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks