General
-
Target
file.exe
-
Size
3.0MB
-
Sample
241108-1c14wssphl
-
MD5
cab3da58169117d6b2b118dfd42908df
-
SHA1
b405fa5f68e74860bac3a0bdbb4a843beba15320
-
SHA256
5666372b2e14e57565845f13137b74f2e15f61e96f1accd7b0fb041fc5ffaf52
-
SHA512
04c0bcef27d0aaf78fa3d3a1ec5eb2f65c91bf25762d789a04a741519ccebbb74b1240065a5f47076d438b8d577906543d5ccd11a32fd128a97e7cbfbf9ed76f
-
SSDEEP
49152:RB6AjzEpL9b25V+GvrRwcsWt3HQpPaJpyu5PIFHtLKsyhKMprRLC:rfjzE59bIV+GvrLsW+pyJpyoyksGRL
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20241010-en
Malware Config
Extracted
lumma
https://navygenerayk.store/api
Targets
-
-
Target
file.exe
-
Size
3.0MB
-
MD5
cab3da58169117d6b2b118dfd42908df
-
SHA1
b405fa5f68e74860bac3a0bdbb4a843beba15320
-
SHA256
5666372b2e14e57565845f13137b74f2e15f61e96f1accd7b0fb041fc5ffaf52
-
SHA512
04c0bcef27d0aaf78fa3d3a1ec5eb2f65c91bf25762d789a04a741519ccebbb74b1240065a5f47076d438b8d577906543d5ccd11a32fd128a97e7cbfbf9ed76f
-
SSDEEP
49152:RB6AjzEpL9b25V+GvrRwcsWt3HQpPaJpyu5PIFHtLKsyhKMprRLC:rfjzE59bIV+GvrLsW+pyJpyoyksGRL
-
Lumma family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-