General
-
Target
dcd5ab5063f5498fb2dd077bfa2490f046cf91ff5c7fde3ddcee2faef087ca6fN
-
Size
3.0MB
-
Sample
241108-tnn55svfmb
-
MD5
6a811d032fe3feb1d20c7d531b430c70
-
SHA1
b9f31f21dbeb13356fc216c6ad20f4a016672807
-
SHA256
dcd5ab5063f5498fb2dd077bfa2490f046cf91ff5c7fde3ddcee2faef087ca6f
-
SHA512
20d03a25c9beda734d39e8eaf170636cb1d66361705dc63a46bac9e926af8ae7003247e6c6aba11989b094fa6dc75074be095dec1139379a97585cf96d802db8
-
SSDEEP
49152:VyuCbGHL7cgdHWvSjZUQ1X42jU/LscD77y1Twju:VyufHfcgdHWwzCyq77sTwju
Static task
static1
Behavioral task
behavioral1
Sample
dcd5ab5063f5498fb2dd077bfa2490f046cf91ff5c7fde3ddcee2faef087ca6fN.exe
Resource
win7-20240903-en
Malware Config
Extracted
lumma
https://navygenerayk.store/api
Targets
-
-
Target
dcd5ab5063f5498fb2dd077bfa2490f046cf91ff5c7fde3ddcee2faef087ca6fN
-
Size
3.0MB
-
MD5
6a811d032fe3feb1d20c7d531b430c70
-
SHA1
b9f31f21dbeb13356fc216c6ad20f4a016672807
-
SHA256
dcd5ab5063f5498fb2dd077bfa2490f046cf91ff5c7fde3ddcee2faef087ca6f
-
SHA512
20d03a25c9beda734d39e8eaf170636cb1d66361705dc63a46bac9e926af8ae7003247e6c6aba11989b094fa6dc75074be095dec1139379a97585cf96d802db8
-
SSDEEP
49152:VyuCbGHL7cgdHWvSjZUQ1X42jU/LscD77y1Twju:VyufHfcgdHWwzCyq77sTwju
-
Lumma family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-