General
- Target: file.exe
- Size: 3.0MB
- Sample: 241112-wtqbha1nbn
- MD5: 6fddc2de16b4e52b683845b0de57d268
- SHA1: 79913b66c543fc2242de513e396bfada051ea9c1
- SHA256: df5d157f42f8ae124e54ff65eba0d51c8e4ffa8c74314ba2ca78ea0e7d18235d
- SHA512: d585321d10378ddfc341350c54b7643b2caf1be578d1b643496bfa3ec9529769017d015192c17791bd699b830e2fb2b5da626744d3a7cd970f8c0f803f28d2d4
- SSDEEP: 49152:MqGA0nP0MrhXcQ2q++eXNB18OYfMq3qS55BK76yg:MN5rhXeq+d18TMq3qS55476
Static task: static1

Behavioral task: behavioral1
- Sample: file.exe
- Resource: win7-20240903-en

Malware Config
Extracted family: lumma
C2 URLs:
- https://3xc1aimbl0w.sbs/api
- https://300snails.sbs/api
- https://faintbl0w.sbs/api
- https://thicktoys.sbs/api
Targets
- Target: file.exe
- Size: 3.0MB
- MD5: 6fddc2de16b4e52b683845b0de57d268
- SHA1: 79913b66c543fc2242de513e396bfada051ea9c1
- SHA256: df5d157f42f8ae124e54ff65eba0d51c8e4ffa8c74314ba2ca78ea0e7d18235d
- SHA512: d585321d10378ddfc341350c54b7643b2caf1be578d1b643496bfa3ec9529769017d015192c17791bd699b830e2fb2b5da626744d3a7cd970f8c0f803f28d2d4
- SSDEEP: 49152:MqGA0nP0MrhXcQ2q++eXNB18OYfMq3qS55BK76yg:MN5rhXeq+d18TMq3qS55476

Signatures
- Lumma family
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
Defense Evasion:
- Modify Registry (1)
- Subvert Trust Controls (1)
- Install Root Certificate (1)
- Virtualization/Sandbox Evasion (2)