General
-
Target
file.exe
-
Size
3.0MB
-
Sample
241108-2c3hds1eqq
-
MD5
56ca629b18c6e20d83d1766f461761e9
-
SHA1
27d6df7ce1dccb8b65900629f49a608c65dac9a5
-
SHA256
db2e8f92a3aa2c152da13fd43a18c52dae304d640d48aac15448dd91b5dece67
-
SHA512
b445b6a4a6456235c35f3ae2af299c8a959b8da20d6eeae03991b5af2300fa45c48acbf483b65361ca1632ad904c036276d2d5437ee864faa0e41b1b792b42c4
-
SSDEEP
49152:HGjpv+Tb543o9Pw4kGAi7VGDt+Q/b3JR43kQo0gKriN:HQtUbK3o9Pw4kGAz/3JRGkQpp
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20240903-en
Malware Config
Extracted
lumma
https://navygenerayk.store/api
Targets
-
Target
file.exe
-
Size
3.0MB
-
MD5
56ca629b18c6e20d83d1766f461761e9
-
SHA1
27d6df7ce1dccb8b65900629f49a608c65dac9a5
-
SHA256
db2e8f92a3aa2c152da13fd43a18c52dae304d640d48aac15448dd91b5dece67
-
SHA512
b445b6a4a6456235c35f3ae2af299c8a959b8da20d6eeae03991b5af2300fa45c48acbf483b65361ca1632ad904c036276d2d5437ee864faa0e41b1b792b42c4
-
SSDEEP
49152:HGjpv+Tb543o9Pw4kGAi7VGDt+Q/b3JR43kQo0gKriN:HQtUbK3o9Pw4kGAz/3JRGkQpp
-
Lumma family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
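The behavioural signatures above and the C2 URL in the Malware Config section are what an analyst carries into detection. The following is an added example, not code from Triage or from the sample: it maps constructed sandbox-style events (registry accesses, a native API call and outbound requests) to those signatures. The registry paths are the well-known VirtualBox ACPI, BIOS-version and Wine keys and are an assumption of this example, since the report names the behaviours but not the paths; the event format and the events themselves are also constructed.

```python
# Added example for this report; it is not Triage's code and not code from the
# Lumma sample. It replays constructed sandbox-style events and maps them onto
# the indicators and behavioural signatures listed in the report.
from __future__ import annotations

import re
from collections import Counter
from typing import Optional

# Indicator taken verbatim from the "Malware Config" section of the report.
LUMMA_C2_URL = "https://navygenerayk.store/api"
LUMMA_C2_HOST = "navygenerayk.store"

# Registry locations the named signatures are commonly triggered by. The report
# lists the behaviours, not the exact paths, so these paths are an assumption
# of this example (the well-known VirtualBox ACPI, BIOS and Wine keys).
REGISTRY_SIGNATURES = (
    (r"HKLM\HARDWARE\ACPI\DSDT\VBOX__", "Identifies VirtualBox via ACPI registry values"),
    (r"HKLM\HARDWARE\ACPI\FADT\VBOX__", "Identifies VirtualBox via ACPI registry values"),
    (r"HKLM\HARDWARE\ACPI\RSDT\VBOX__", "Identifies VirtualBox via ACPI registry values"),
    (r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion", "Checks BIOS information in registry"),
    (r"HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion", "Checks BIOS information in registry"),
    (r"HKCU\Software\Wine", "Identifies Wine through registry keys"),
)

# ThreadHideFromDebugger is THREADINFOCLASS 0x11. A thread with it set stops
# delivering debug events to an attached debugger, which is why it is flagged.
THREAD_HIDE_FROM_DEBUGGER = 0x11


def _normalise(path: str) -> str:
    """Fold long hive names to their short forms and lower-case for matching."""
    return (path.replace("HKEY_LOCAL_MACHINE", "HKLM")
                .replace("HKEY_CURRENT_USER", "HKCU")
                .lower())


def classify_registry(path: str) -> Optional[str]:
    """Return the report signature a registry access would trip, if any."""
    norm = _normalise(path)
    for prefix, signature in REGISTRY_SIGNATURES:
        if norm.startswith(prefix.lower()):
            return signature
    return None


def classify_api(api: str, params: dict[str, int]) -> Optional[str]:
    """Flag NtSetInformationThread(ThreadHideFromDebugger) and nothing else."""
    if api == "NtSetInformationThread" and params.get("ThreadInformationClass") == THREAD_HIDE_FROM_DEBUGGER:
        return "Suspicious use of NtSetInformationThreadHideFromDebugger"
    return None


def classify_network(url: str) -> Optional[str]:
    """Match the host of an outbound request against the extracted Lumma C2."""
    m = re.match(r"https?://([^/:]+)", url)
    if m and m.group(1).lower() == LUMMA_C2_HOST:
        return "Contacts the Lumma C2 from the extracted config"
    return None


# Constructed events in a simple kind|operation|argument format. They are not
# from the sandbox run and exist only to exercise the classifiers.
SAMPLE_EVENTS = r"""
reg|QueryValue|HKLM\HARDWARE\ACPI\DSDT\VBOX__
reg|QueryValue|HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
reg|QueryValue|HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion
reg|OpenKey|HKCU\Software\Wine
reg|OpenKey|HKCU\Software\Microsoft\Windows\CurrentVersion\Run
api|NtSetInformationThread|ThreadInformationClass=0x11
api|NtSetInformationThread|ThreadInformationClass=0x4
net|POST|https://navygenerayk.store/api
net|GET|https://example.com/update
"""


def triage(events: str) -> dict[str, int]:
    """Count how many events trip each signature from the report."""
    hits: Counter[str] = Counter()
    for line in events.splitlines():
        if not line.strip():
            continue
        kind, op, arg = line.split("|", 2)
        if kind == "reg":
            sig = classify_registry(arg)
        elif kind == "api":
            # Parameters arrive as name=value pairs; int(v, 0) accepts hex or decimal.
            params = {k: int(v, 0) for k, v in (p.split("=", 1) for p in arg.split(","))}
            sig = classify_api(op, params)
        elif kind == "net":
            sig = classify_network(arg)
        else:
            sig = None
        if sig is not None:
            hits[sig] += 1
    return dict(hits)


if __name__ == "__main__":
    for signature, count in sorted(triage(SAMPLE_EVENTS).items()):
        print(f"{count}x  {signature}")
```

Running the block prints one line per signature with its hit count for the constructed events. Two caveats a practitioner would apply before using this logic on real telemetry: reading SystemBiosVersion or VideoBiosVersion is common in legitimate installers, so the BIOS signature is only meaningful alongside the others, and the anti-debug check matches on the information class value alone, which is exactly what a syscall monitor sees but which a sample can obscure by resolving the call indirectly.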
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry 1
Subvert Trust Controls 1
Install Root Certificate 1
Virtualization/Sandbox Evasion 2