Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
74d0b71e5910275bebd2a6a53a6576e243f39c29d69555308b4580a811ac3de0
-
Size
1.7MB
-
Sample
241010-b8z42atgmb
-
MD5
95aa54bc96da077088a962a23fe7723b
-
SHA1
84ec633a7aac5c9000f5e0e5f208fbff21f74dac
-
SHA256
74d0b71e5910275bebd2a6a53a6576e243f39c29d69555308b4580a811ac3de0
-
SHA512
32f33c48c5bb17b52e3036fe2aa6e52c03d68f3571276f96a9fbdbf56929910476e4d906be7b20dcd1dc9b64647c2abd43ed898ff58973cd8ec9d91695217280
-
SSDEEP
49152:v0DiQxorcqhtEHp2yyUjv8UKWxaxx5ZIvYsBP2Op:2irNtqyUj0zW45UDB
Malware Config
Extracted
lumma
https://clearancek.site
https://licendfilteo.site
https://spirittunek.store
https://bathdoomgaz.store
https://studennotediw.store
https://dissapoiznw.store
https://eaglepawnoy.store
https://mobbipenju.store
Targets
-
-
Target
74d0b71e5910275bebd2a6a53a6576e243f39c29d69555308b4580a811ac3de0
-
Size
1.7MB
-
MD5
95aa54bc96da077088a962a23fe7723b
-
SHA1
84ec633a7aac5c9000f5e0e5f208fbff21f74dac
-
SHA256
74d0b71e5910275bebd2a6a53a6576e243f39c29d69555308b4580a811ac3de0
-
SHA512
32f33c48c5bb17b52e3036fe2aa6e52c03d68f3571276f96a9fbdbf56929910476e4d906be7b20dcd1dc9b64647c2abd43ed898ff58973cd8ec9d91695217280
-
SSDEEP
49152:v0DiQxorcqhtEHp2yyUjv8UKWxaxx5ZIvYsBP2Op:2irNtqyUj0zW45UDB
Score10/10-
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
1Subvert Trust Controls
1Install Root Certificate
1Virtualization/Sandbox Evasion
2