General
- Target: 737914f47ca5ef34d3e8dd45ead3b2f9.exe
- Size: 2.8MB
- Sample: 241109-xlz2eazepc
- MD5: 737914f47ca5ef34d3e8dd45ead3b2f9
- SHA1: ff8d38f33f90c42dd1a2e4182a1177584d12dcf8
- SHA256: abc1617f4a0b2b5ce9028128f6f03deb873fd8806162b7eb9eccd5ef77513b60
- SHA512: 978e6d11368bd58c17db88a07c4463cd8350a5673f2699075a988a0aefa852973fa6e91b8b404f6b4d911cdde599d9ebbe668a75651edea2b98c78250056fe78
- SSDEEP: 49152:kEqnMlqJH55U9Xwy97J6nM2nKvXcvq7yUSfKy+2+O:pqMluHHU9X197J6bWcvxUq+2+O
Static task: static1
Behavioral task: behavioral1
- Sample: 737914f47ca5ef34d3e8dd45ead3b2f9.exe
- Resource: win7-20241023-en
Malware Config
- Extracted: lumma
- URL: https://navygenerayk.store/api
Targets
- Target: 737914f47ca5ef34d3e8dd45ead3b2f9.exe
- Size: 2.8MB
- Lumma family
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
- Defense Evasion
  - Modify Registry (1)
  - Subvert Trust Controls (1)
  - Install Root Certificate (1)
  - Virtualization/Sandbox Evasion (2)