General
-
Target
file.exe
-
Size
3.0MB
-
Sample
241108-pc6hts1nav
-
MD5
aef1238304cba5751636988e024bc239
-
SHA1
caf011df56ede2907add6e7fe4929b635ce81afd
-
SHA256
eab675cad4a75b9422aeff87059d4a5f90239b0a3b68735ec2c2566a71430e23
-
SHA512
4267885a9be8ba65a061dd483894b99356f7a95e25fcc103ef23df33b11557b45e91c5b6e26ebfe37a0d3e091f3a16815abdb2ba6df1dfeb26e04e6e19aea3c7
-
SSDEEP
49152:Nvg+yKMExMkNTxhBDL5uRYfTYZcCIjgQqjfaIJvLxmaR4QWVRjLwqpmO:NvNwXktxPDL6YfTYZc/74xSRjLwqQO
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20240903-en
Malware Config
Extracted
lumma
https://navygenerayk.store/api
Targets
-
-
Target
file.exe
-
Size
3.0MB
-
MD5
aef1238304cba5751636988e024bc239
-
SHA1
caf011df56ede2907add6e7fe4929b635ce81afd
-
SHA256
eab675cad4a75b9422aeff87059d4a5f90239b0a3b68735ec2c2566a71430e23
-
SHA512
4267885a9be8ba65a061dd483894b99356f7a95e25fcc103ef23df33b11557b45e91c5b6e26ebfe37a0d3e091f3a16815abdb2ba6df1dfeb26e04e6e19aea3c7
-
SSDEEP
49152:Nvg+yKMExMkNTxhBDL5uRYfTYZcCIjgQqjfaIJvLxmaR4QWVRjLwqpmO:NvNwXktxPDL6YfTYZc/74xSRjLwqQO
-
Lumma family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-