General

Target: ef98ef7b237c47e0d3dfc8e64dad955c4a3c3a5ffa8ff524d59c5f0135d18533.exe
Size: 2.9MB
Sample: 241110-dq9xmaydqa
MD5: e4680563d6cf072a53a06a48f15e551c
SHA1: 7cdc2a70c955fa540144d2e9ce7229d34e432fb8
SHA256: ef98ef7b237c47e0d3dfc8e64dad955c4a3c3a5ffa8ff524d59c5f0135d18533
SHA512: e507e6f753a2fc3f8aff5994fa559098af383dae82f838935974563c49ffa88170078a760dbced97762341f5ffb177355fe6d6da5cc8203baa7225e1038914b1
SSDEEP: 49152:H+v7kUxpFSMnGRhclxVytL1C0kZEoopaC246xT0I1:H+v7kUxpM2GRh3tBBkropzt6x
Static task: static1
Behavioral task: behavioral1
Sample: ef98ef7b237c47e0d3dfc8e64dad955c4a3c3a5ffa8ff524d59c5f0135d18533.exe
Resource: win7-20240903-en
Malware Config

Extracted config (lumma): https://navygenerayk.store/api
Targets

Target: ef98ef7b237c47e0d3dfc8e64dad955c4a3c3a5ffa8ff524d59c5f0135d18533.exe (size and hashes as listed under General)
Signatures

- Lumma family
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  VirtualBox guests expose ACPI tables whose entries under HKLM\HARDWARE\ACPI carry the "VBOX__" OEM identifier; reading them is a common virtual-machine check.
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThread with ThreadHideFromDebugger
  Setting the ThreadHideFromDebugger information class (0x11) on a thread stops it from delivering debug events to an attached debugger, a common anti-debugging technique.
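The four anti-analysis signatures above describe registry reads and a thread-information call. As an added example (not code from the sandbox, and not code from the sample), the following Python classifies sandbox-style API-trace lines against those behaviours. The "k=v" trace format and every line in SAMPLE_TRACE are constructed for illustration; the registry paths and the 0x11 information class are the real values the signatures refer to.

```python
import re
from collections import Counter

# THREADINFOCLASS value for ThreadHideFromDebugger in NtSetInformationThread.
THREAD_HIDE_FROM_DEBUGGER = 0x11

# Registry locations behind the report's signatures (case-insensitive).
VBOX_ACPI_RE = re.compile(r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)
BIOS_KEY_RE = re.compile(r"\\HARDWARE\\DESCRIPTION\\System$", re.I)
BIOS_VALUES = {"systembiosversion", "systembiosdate", "videobiosversion"}
WINE_RE = re.compile(r"\\Software\\Wine(\\|$)", re.I)

# Constructed trace lines in a hypothetical "k=v" format; not output from the
# sandbox run on this page. Raw strings keep the backslashes literal.
SAMPLE_TRACE = [
    r"pid=2144 api=RegOpenKeyExW key=HKLM\HARDWARE\ACPI\DSDT\VBOX__",
    r"pid=2144 api=RegQueryValueExW key=HKLM\HARDWARE\DESCRIPTION\System value=SystemBiosVersion",
    r"pid=2144 api=RegQueryValueExW key=HKLM\HARDWARE\DESCRIPTION\System value=VideoBiosVersion",
    r"pid=2144 api=RegOpenKeyExW key=HKCU\Software\Wine",
    r"pid=2144 api=NtSetInformationThread class=0x11 thread=0x1a4",
    r"pid=2144 api=NtSetInformationThread class=0x04 thread=0x1a4",
    r"pid=2144 api=RegOpenKeyExW key=HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
]

# Report wording for each tag, so output reads like the signature list above.
SIGNATURE_TEXT = {
    "vbox_acpi": "Identifies VirtualBox via ACPI registry values (likely anti-VM)",
    "bios_registry": "Checks BIOS information in registry",
    "wine_registry": "Identifies Wine through registry keys",
    "hide_from_debugger": "Suspicious use of NtSetInformationThread with ThreadHideFromDebugger",
}


def parse(line):
    """Split 'k=v k=v ...' into a dict; values contain no spaces in this format."""
    return dict(tok.split("=", 1) for tok in line.split() if "=" in tok)


def classify(line):
    """Return the signature tag a trace line matches, or None if it is benign."""
    f = parse(line)
    api, key = f.get("api", ""), f.get("key", "")
    if api.startswith("Reg"):
        if VBOX_ACPI_RE.search(key):
            return "vbox_acpi"
        # Only the BIOS version/date values are interesting, not every read of
        # the System key.
        if BIOS_KEY_RE.search(key) and f.get("value", "").lower() in BIOS_VALUES:
            return "bios_registry"
        if WINE_RE.search(key):
            return "wine_registry"
    elif api == "NtSetInformationThread":
        # Other classes (e.g. 0x04, thread priority) are normal and ignored.
        if int(f.get("class", "0"), 16) == THREAD_HIDE_FROM_DEBUGGER:
            return "hide_from_debugger"
    return None


def scan(lines):
    """Count matching trace lines per signature tag."""
    return dict(Counter(tag for tag in map(classify, lines) if tag))


def report(lines):
    """Signature names, in the report's wording, that fired for this trace."""
    return [SIGNATURE_TEXT[tag] for tag in sorted(scan(lines))]


if __name__ == "__main__":
    for name in report(SAMPLE_TRACE):
        print(name)
```

The classifier deliberately ignores NtSetInformationThread calls with other information classes and reads of the System key for values other than the BIOS strings, so that a trace from a benign installer does not trip the same signatures.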