General

  • Target

    file.exe

  • Size

    1.8MB

  • Sample

    241013-wdevtszanb

  • MD5

    ce1927233b969aabf88d07ff9814332a

  • SHA1

    04817881f5375ea4154a2c15b353f978685582ec

  • SHA256

    acea3e2b20d22dd00c98f6aa14b34dfeb514d8f3a81b1649b75d71409876c8c2

  • SHA512

    a3286d56df0ae4da3cd4c8d9de46f4b71ffa53e16534c8fe4bde1b38e7d2c487847ca442c16e0c330a4a18bc5091cf1a9f04d898cbc5fc022501f5f149149785

  • SSDEEP

    49152:XpRX1SpJeNcg6SeteOm9G2aJIAe7yI4T:XjXIrAcg6SHG2aJIAe774T

Malware Config

Extracted

Family

lumma

C2

https://clearancek.site

https://licendfilteo.site

https://spirittunek.store

https://bathdoomgaz.store

https://studennotediw.store

https://dissapoiznw.store

https://eaglepawnoy.store

https://mobbipenju.store

Targets

    • Target

      file.exe

    • Size

      1.8MB

    • MD5

      ce1927233b969aabf88d07ff9814332a

    • SHA1

      04817881f5375ea4154a2c15b353f978685582ec

    • SHA256

      acea3e2b20d22dd00c98f6aa14b34dfeb514d8f3a81b1649b75d71409876c8c2

    • SHA512

      a3286d56df0ae4da3cd4c8d9de46f4b71ffa53e16534c8fe4bde1b38e7d2c487847ca442c16e0c330a4a18bc5091cf1a9f04d898cbc5fc022501f5f149149785

    • SSDEEP

      49152:XpRX1SpJeNcg6SeteOm9G2aJIAe7yI4T:XjXIrAcg6SHG2aJIAe774T

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks