General
Target: 0c8ef73c68f45e5d39ae445549f50dc7cdd66b338e3c9b56ef88dec277699292
Size: 2.9MB
Sample: 241112-sfmfxaykal
MD5: 2b0d987d928d8dde2eabf79b84809e88
SHA1: 1e487ff562ea9d523ab0bf532f89eea44fa79891
SHA256: 0c8ef73c68f45e5d39ae445549f50dc7cdd66b338e3c9b56ef88dec277699292
SHA512: c251a819c94dd0f3116c9878e8f64c5cce89b862f3f4b38226b41876492589dbed23cf501f964ecdb2acfff27d7f0e0eb68e71a4e3214c2b5a754a16c1402f35
SSDEEP: 49152:zuiF9sVdpUs0Zx/w+Eu2HHyJxBfeUSoe/KKM7B:z/XsJUs0Zx/w+EuC65eU4KKMN
Static task: static1
Behavioral task: behavioral1
Sample: 0c8ef73c68f45e5d39ae445549f50dc7cdd66b338e3c9b56ef88dec277699292.exe
Resource: win7-20241010-en
Malware Config
Extracted: lumma
- https://scriptyprefej.store
- https://navygenerayk.store
- https://founpiuer.store
- https://necklacedmny.store
- https://thumbystriw.store
- https://fadehairucw.store
- https://crisiwarny.store
- https://presticitpo.store
- https://opinieni.store
Targets
Target: 0c8ef73c68f45e5d39ae445549f50dc7cdd66b338e3c9b56ef88dec277699292
Size: 2.9MB
MD5: 2b0d987d928d8dde2eabf79b84809e88
SHA1: 1e487ff562ea9d523ab0bf532f89eea44fa79891
SHA256: 0c8ef73c68f45e5d39ae445549f50dc7cdd66b338e3c9b56ef88dec277699292
SHA512: c251a819c94dd0f3116c9878e8f64c5cce89b862f3f4b38226b41876492589dbed23cf501f964ecdb2acfff27d7f0e0eb68e71a4e3214c2b5a754a16c1402f35
SSDEEP: 49152:zuiF9sVdpUs0Zx/w+Eu2HHyJxBfeUSoe/KKM7B:z/XsJUs0Zx/w+EuC65eU4KKMN
- Lumma family
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger