General
-
Target
file.exe
-
Size
3.0MB
-
Sample
241111-3yz5tszdpf
-
MD5
89b3ae3a05cf1fdacceeaede73ad045d
-
SHA1
e1a9087b626f44a6ba5a93e3455cd72852e21a5d
-
SHA256
37c0f15e83b626eeaf14bc3739d8da28c8641415845c0e72cf1318a4a00a2b81
-
SHA512
81e54bd5293b5c3f4d68cc1ec0fc92f0a06c72b8bf7c42bfe9f86e792461a1525915df4801192144fbf948bfc83482fd9053b257e79663f19e1f161c3da071f0
-
SSDEEP
49152:6apwDeBn7iwivXbeMCtE8UJ7ceTZXCS9I8XIn+l+5UVyA:LjlivXbeMCZUJ7cely8I8XIi+x
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20240903-en
Malware Config
Extracted
lumma
Targets
-
-
Target
file.exe
Lumma family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-