General
- Target: file.exe
- Size: 3.1MB
- Sample: 241110-b6y4ysxbjg
- MD5: 2ba7ab7428ad24c826901b24b2c4dc9a
- SHA1: 5ab917bf86e3dce5302a9b3bb76aad6616bc1593
- SHA256: a3d2857d91ef3e9c99f6934ebdab64a5ba3184cbd59bef72f8e0e1b040e7fa4a
- SHA512: 8f5998195e799dc000b703837f14e28ded301209fb8a3da2f88de50d514a68f589b9401f3904ad8e82e803f294a9fc42e2be7d717afe33d294dfe7bb473f318c
- SSDEEP: 98304:arZPwPUfwixeCbSoFlEVO7hyBsUlzKbEUIVWq:1PnmyBllYENWq
Static task: static1
Behavioral task: behavioral1
- Sample: file.exe
- Resource: win7-20240903-en
Malware Config
Extracted
- Family: lumma
- URL: https://navygenerayk.store/api
Targets
- Target: file.exe
- Size: 3.1MB
- MD5: 2ba7ab7428ad24c826901b24b2c4dc9a
- SHA1: 5ab917bf86e3dce5302a9b3bb76aad6616bc1593
- SHA256: a3d2857d91ef3e9c99f6934ebdab64a5ba3184cbd59bef72f8e0e1b040e7fa4a
- SHA512: 8f5998195e799dc000b703837f14e28ded301209fb8a3da2f88de50d514a68f589b9401f3904ad8e82e803f294a9fc42e2be7d717afe33d294dfe7bb473f318c
- SSDEEP: 98304:arZPwPUfwixeCbSoFlEVO7hyBsUlzKbEUIVWq:1PnmyBllYENWq
- Lumma family
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
Defense Evasion
- Modify Registry (1)
- Subvert Trust Controls (1)
- Install Root Certificate (1)
- Virtualization/Sandbox Evasion (2)