General
-
Target
70f1ef13e02086ef05f82e098684135f79295a8493f0174ec96dda7b894120f7N
-
Size
2.8MB
-
Sample
241108-rwz69ssrf1
-
MD5
ac184422dacac5a48f36b3974bf132b0
-
SHA1
38582d5a75766079a8da322b9c5928e8de448574
-
SHA256
70f1ef13e02086ef05f82e098684135f79295a8493f0174ec96dda7b894120f7
-
SHA512
6d9558b9d87c5bc15659303795c55bea06355fd7eed931969898980f9b6923a3eb1f1063e61c45f5d007c0059ca35d108ef189e246bf0e91f7e4c07cd0259161
-
SSDEEP
49152:8cS10JHLagv1re3KnXL6p0Qw+VFfDUfzlyAij:8v1wu+1re3Kn+pfwcQ74dj
Static task
static1
Behavioral task
behavioral1
Sample
70f1ef13e02086ef05f82e098684135f79295a8493f0174ec96dda7b894120f7N.exe
Resource
win7-20241010-en
Malware Config
Extracted
lumma
https://navygenerayk.store/api
Targets
-
-
Target
70f1ef13e02086ef05f82e098684135f79295a8493f0174ec96dda7b894120f7N
-
Size
2.8MB
-
MD5
ac184422dacac5a48f36b3974bf132b0
-
SHA1
38582d5a75766079a8da322b9c5928e8de448574
-
SHA256
70f1ef13e02086ef05f82e098684135f79295a8493f0174ec96dda7b894120f7
-
SHA512
6d9558b9d87c5bc15659303795c55bea06355fd7eed931969898980f9b6923a3eb1f1063e61c45f5d007c0059ca35d108ef189e246bf0e91f7e4c07cd0259161
-
SSDEEP
49152:8cS10JHLagv1re3KnXL6p0Qw+VFfDUfzlyAij:8v1wu+1re3Kn+pfwcQ74dj
-
Lumma family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-