General

Target: 594e444b9fe80c0574325ae66bb745bc0649de754dd575b92051afadb4e86e32N
Size: 2.9MB
Sample: 241108-3m7erssdra
MD5: 2f47c3f5d41ae0f271cbb41583f67a60
SHA1: 5ebf44371b56ba8b17d62c28b006d14df73041ed
SHA256: 594e444b9fe80c0574325ae66bb745bc0649de754dd575b92051afadb4e86e32
SHA512: eb91ba0f7d09c12178ffd838b547c62bf5dfbb38161bb3014fdc96a972166d7806e789fee79f64aa3ea73fa68efeb42ca3f54f74ab12190cc05e8ece469e848f
SSDEEP: 49152:u+L6rN6+L9Ulceu7REScWH/pYxtNQ+GWcF5un6w3rXsi:yrN6EGcegHR2y+GWiuVXs
Static task: static1
Behavioral task: behavioral1
Sample: 594e444b9fe80c0574325ae66bb745bc0649de754dd575b92051afadb4e86e32N.exe
Resource (analysis VM image): win7-20240903-en
Malware Config

Extracted: lumma
C2 URL: https://navygenerayk.store/api
Targets

Target: 594e444b9fe80c0574325ae66bb745bc0649de754dd575b92051afadb4e86e32N
Signatures

Lumma family
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, so it is sometimes used as a sandboxing environment.
Suspicious use of NtSetInformationThreadHideFromDebugger: calling NtSetInformationThread with the ThreadHideFromDebugger class stops the thread from delivering debug events to an attached debugger, a common anti-debugging trick.
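The signatures above are behaviour matches over the sandbox's API and registry trace. The following is an added example, not code from the sandbox vendor or from this report, that shows how such matches can be reproduced over a trace: it classifies constructed trace lines against the four anti-analysis signatures listed here and the C2 host from the extracted config. The exact registry paths (VirtualBox ACPI table keys, BIOS description values, the Wine key), the trace line format, and the ATT&CK IDs T1497 and T1622 are assumptions chosen for the example; the report does not print the paths the sample actually touched.

```python
"""Match sandbox API/registry trace lines against the anti-analysis behaviours listed
in the report above. Constructed example; not tooling from the sandbox or the report."""
import re
from collections import Counter

# Registry locations that anti-VM / anti-sandbox code is widely known to probe.
# Assumption: these are the kinds of keys behind the report's three registry
# signatures; the report itself does not list the exact paths the sample read.
REGISTRY_RULES = [
    ("Identifies VirtualBox via ACPI registry values", "T1497",
     re.compile(r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)),
    ("Checks BIOS information in registry", "T1497",
     re.compile(r"^HKLM\\HARDWARE\\DESCRIPTION\\System(\\BIOS)?\\"
                r"(SystemBiosVersion|VideoBiosVersion|SystemBiosDate|"
                r"SystemManufacturer|SystemProductName)$", re.I)),
    ("Identifies Wine through registry keys", "T1497",
     re.compile(r"^HK(LM|CU)\\Software\\Wine(\\|$)", re.I)),
]

# ThreadHideFromDebugger is ThreadInformationClass 0x11 for NtSetInformationThread.
THREAD_HIDE_FROM_DEBUGGER = 0x11
# C2 host taken from the extracted Lumma config in this report.
LUMMA_C2_HOSTS = {"navygenerayk.store"}

# Assumed trace format: "<API> <first argument> [more args] [-> result]".
LINE_RE = re.compile(r"^(?P<api>\w+)\s+(?P<arg>\S+)(?:\s+(?P<rest>.*))?$")


def classify(line):
    """Return the list of (signature, technique_id) tuples a single trace line triggers."""
    m = LINE_RE.match(line.strip())
    if not m:
        return []
    api, arg, rest = m.group("api"), m.group("arg"), m.group("rest") or ""
    hits = []
    if api.startswith("Reg"):
        for name, tid, pattern in REGISTRY_RULES:
            if pattern.search(arg):
                hits.append((name, tid))
    elif api == "NtSetInformationThread":
        cls = re.search(r"ThreadInformationClass=(0x[0-9a-fA-F]+|\d+)", arg + " " + rest)
        if cls:
            val = cls.group(1)
            n = int(val, 16) if val.lower().startswith("0x") else int(val)
            if n == THREAD_HIDE_FROM_DEBUGGER:
                hits.append(("Suspicious use of NtSetInformationThreadHideFromDebugger", "T1622"))
    elif api in ("InternetConnectW", "WinHttpConnect", "getaddrinfo"):
        host = arg.split(":")[0].lower()
        if host in LUMMA_C2_HOSTS:
            # Network IOC only; no ATT&CK ID attached so it does not pad the technique list.
            hits.append(("Lumma family (contacts C2 host from extracted config)", None))
    return hits


def scan(lines):
    """Summarise a trace: hit count per signature and the sorted set of technique IDs."""
    per_signature = Counter()
    techniques = set()
    for line in lines:
        for name, tid in classify(line):
            per_signature[name] += 1
            if tid:
                techniques.add(tid)
    return {"signatures": dict(per_signature), "techniques": sorted(techniques)}


# Constructed trace lines; not output from the report's behavioral task.
EXAMPLE_TRACE = [
    r"RegOpenKeyExW HKLM\HARDWARE\ACPI\DSDT\VBOX__ -> NOT_FOUND",
    r"RegOpenKeyExW HKLM\HARDWARE\ACPI\FADT\VBOX__ -> NOT_FOUND",
    r"RegQueryValueExW HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion -> OK",
    r"RegQueryValueExW HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion -> OK",
    r"RegOpenKeyExW HKCU\Software\Wine -> NOT_FOUND",
    r"RegOpenKeyExW HKCU\Software\Microsoft\Windows\CurrentVersion\Run -> OK",
    r"NtSetInformationThread ThreadHandle=0xfc ThreadInformationClass=0x11 -> STATUS_SUCCESS",
    r"InternetConnectW navygenerayk.store:443 -> OK",
]

if __name__ == "__main__":
    summary = scan(EXAMPLE_TRACE)
    for name, count in summary["signatures"].items():
        print(f"{count}x {name}")
    print("ATT&CK techniques:", ", ".join(summary["techniques"]))
```

Note that a key that is merely opened and returns NOT_FOUND still counts: on a real host the VirtualBox ACPI keys do not exist, so the interesting signal is the lookup itself, not its result. The Run-key line is included to show that ordinary registry access does not trip any rule.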
MITRE ATT&CK Enterprise v15

Defense Evasion
Modify Registry (T1112): 1
Subvert Trust Controls (T1553): 1
Install Root Certificate (T1553.004): 1
Virtualization/Sandbox Evasion (T1497): 2