General
- Target: file.exe
- Size: 3.0MB
- Sample: 241109-a879zateml
- MD5: 46bb8ee0ef04ada26933a53068d83cf5
- SHA1: 0d3166ca3b346e5a41614d7ddf7d90e1002c6ec4
- SHA256: d6ec39a61882bd8ccdb1c7a0b5a602baa3d9fd7120a19631014f46bc7c62d4a3
- SHA512: 45c17426173cea8d096c5a0dff02a0314b27a21fea69363abc805f86aaad2beea8f9514bd45058ad736fc40155cc90c704d286e894f10f98f88ca39a72934e68
- SSDEEP: 49152:kp0DgI5eO673jtCDKkiss+a0LKtaqegQFXRzbES:ki77673jtCupL+egIQFBvt
Static task: static1
Behavioral task: behavioral1
- Sample: file.exe
- Resource: win7-20240903-en
Malware Config
- Extracted: lumma
  - https://navygenerayk.store/api
Targets
- Target: file.exe
- Size: 3.0MB
- Lumma family
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger