General

Target: 0e3c053cccd97dc93b91dc9ceb00be01.bin
Size: 1.7MB
Sample: 241109-bc5pmssqez
MD5: cf74190372b8ad8973853e7f8aa8bb2c
SHA1: 5638b4fe23197472181a4a1da553c9d1646bdc3f
SHA256: 797b1df478c60c94379464e6a4a4caa4038ad8bba44acc9c48d4559fca653655
SHA512: 6376d6c7b67dce0f248ee5800e1e36585ecab34723c69e8b50c5ba9b75add42a1199279eb1e22f8c3fbd2c3383825d2524c180edfa2cd37ed5362f70f279e36a
SSDEEP: 24576:5mJ3vJ3Y+RFrK7bhflXrgNmkyu8d+/VVSMxcVDmFqsdeGjBkL/uWsDOjT4eH7Fs:slK7bB1kQFu+AeMx7FV6buWsDOx7q
Static task: static1
Behavioral task: behavioral1
Sample: 49317d725402f77e1253f32873158186473a7daf785786b3b310fc9dc8ba6121.exe
Resource: win7-20240903-en
Malware Config

Extracted: lumma
C2: https://navygenerayk.store/api
Targets

Target: 49317d725402f77e1253f32873158186473a7daf785786b3b310fc9dc8ba6121.exe
Size: 3.0MB
MD5: 0e3c053cccd97dc93b91dc9ceb00be01
SHA1: c10ac13c4971781eeea01991b0fec0d474c95a98
SHA256: 49317d725402f77e1253f32873158186473a7daf785786b3b310fc9dc8ba6121
SHA512: 5aae1bcfab4c3c03bb5c55b2b7030b581663f7c80bd7734ca7c84cd72f8dbd93dc61e4c5ace92cf737e1da95eed7d69d08eaa7e0960bad6d3253b0f6cd4c37c9
SSDEEP: 24576:TNmpb83iuPJexaH3AIOPJBimQ0qnYkoNw+c1zuAVtKu8lNpYzVNVA3TcAES7dsFr:BmpbQPoacPaGE1YlYzF1aSF5d
- Lumma family
- Identifies VirtualBox via ACPI registry values (likely anti-VM). VirtualBox stamps its ACPI tables with the OEM ID "VBOX__", which Windows exposes under HKLM\HARDWARE\ACPI, so a single key lookup reveals the hypervisor.
- Checks BIOS information in registry. BIOS information (manufacturer and product strings under HKLM\HARDWARE\DESCRIPTION\System\BIOS) is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys. Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment; its Software\Wine registry key does not exist on native Windows.
- Suspicious use of NtSetInformationThreadHideFromDebugger. Calling NtSetInformationThread with the ThreadHideFromDebugger information class (0x11) stops the kernel from delivering that thread's debug events to an attached debugger, a common anti-debugging technique.
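The four anti-analysis signatures above can be reproduced as simple rules over an API trace. The block below is an added example and is not code from the report, from Tria.ge or from the sample. The trace format and the six trace lines are constructed for the example; the rules key on the standard indicators these signatures normally use: the ACPI table keys VirtualBox stamps with the OEM ID VBOX__, the SystemManufacturer/SystemProductName values under HKLM\HARDWARE\DESCRIPTION\System\BIOS, the HKLM/HKCU Software\Wine key, and THREADINFOCLASS 0x11 (ThreadHideFromDebugger) passed to NtSetInformationThread.

```python
"""Sandbox-signature rules for the four anti-analysis behaviours listed
above, run over a constructed API trace. Added example: not code from
Tria.ge, from the report, or from the Lumma sample. The trace format is
invented for this example; the registry paths and the
ThreadHideFromDebugger class value (0x11) are the well-known constants
these signatures normally key on."""
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Constructed trace, one event per line: <pid>|<api>|<arg1>|<arg2>
# (assumed format; a real sandbox export would differ).
SAMPLE_TRACE = r"""2312|RegOpenKeyExW|HKLM\HARDWARE\ACPI\DSDT\VBOX__|
2312|RegQueryValueExW|HKLM\HARDWARE\DESCRIPTION\System\BIOS|SystemManufacturer
2312|RegQueryValueExW|HKLM\HARDWARE\DESCRIPTION\System\BIOS|SystemProductName
2312|RegOpenKeyExW|HKCU\Software\Wine|
2312|NtSetInformationThread|0xfffffffe|0x11
2312|RegOpenKeyExW|HKCU\Software\Microsoft\Windows\CurrentVersion\Run|
"""

THREAD_HIDE_FROM_DEBUGGER = 0x11  # THREADINFOCLASS used by the last signature

_HIVES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}


@dataclass
class Event:
    pid: int
    api: str
    arg1: str
    arg2: str


def normalize_key(path: str) -> str:
    """Fold long hive names to HKLM/HKCU so rules match either spelling."""
    for long, short in _HIVES.items():
        if path.upper().startswith(long):
            return short + path[len(long):]
    return path


def parse_line(line: str) -> Optional[Event]:
    """Split one trace line; return None for blank or malformed lines."""
    parts = line.rstrip("\r\n").split("|")
    if len(parts) != 4 or not parts[0].isdigit():
        return None
    pid, api, arg1, arg2 = parts
    return Event(int(pid), api, normalize_key(arg1), arg2)


def vbox_acpi(ev: Event) -> bool:
    # VirtualBox stamps its ACPI tables with OEM ID "VBOX__"; Windows mirrors
    # them under HKLM\HARDWARE\ACPI\{DSDT,FADT,RSDT}.
    return ev.api.startswith("RegOpenKeyEx") and bool(
        re.search(r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", ev.arg1, re.I))


def bios_info(ev: Event) -> bool:
    # Manufacturer/product strings are where hypervisor names leak.
    return (ev.api.startswith("RegQueryValueEx")
            and ev.arg1.upper() == r"HKLM\HARDWARE\DESCRIPTION\SYSTEM\BIOS"
            and ev.arg2 in {"SystemManufacturer", "SystemProductName",
                            "BIOSVendor", "BIOSVersion"})


def wine_key(ev: Event) -> bool:
    # Wine creates HKLM/HKCU\Software\Wine; native Windows never has it.
    return ev.api.startswith("RegOpenKeyEx") and bool(
        re.fullmatch(r"HK(LM|CU)\\Software\\Wine(\\.*)?", ev.arg1, re.I))


def hide_from_debugger(ev: Event) -> bool:
    # arg2 carries the THREADINFOCLASS; accept hex or decimal spelling.
    if ev.api != "NtSetInformationThread":
        return False
    try:
        return int(ev.arg2, 0) == THREAD_HIDE_FROM_DEBUGGER
    except ValueError:
        return False


RULES: Dict[str, Callable[[Event], bool]] = {
    "Identifies VirtualBox via ACPI registry values": vbox_acpi,
    "Checks BIOS information in registry": bios_info,
    "Identifies Wine through registry keys": wine_key,
    "Suspicious use of NtSetInformationThreadHideFromDebugger": hide_from_debugger,
}


def match_trace(trace: str) -> Dict[str, List[int]]:
    """Map each signature name to the 1-based trace lines that fired it."""
    hits: Dict[str, List[int]] = {name: [] for name in RULES}
    for lineno, line in enumerate(trace.splitlines(), start=1):
        ev = parse_line(line)
        if ev is None:
            continue
        for name, rule in RULES.items():
            if rule(ev):
                hits[name].append(lineno)
    return hits


def triggered_signatures(trace: str) -> List[str]:
    """Signature names with at least one hit, in report order."""
    return [name for name, lines in match_trace(trace).items() if lines]


if __name__ == "__main__":
    for name, lines in match_trace(SAMPLE_TRACE).items():
        print(f"{name}: lines {lines or 'none'}")
```

The last trace line (an ordinary Run-key lookup) is there to show that benign registry access does not fire any rule; only the specific key paths and the 0x11 information class do.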