General

Target: c3c2024e7fe56a636144ba8541554e46f8c558d92620763cc0b382d9860e13c9
Size: 3.1MB
Sample: 241112-x5lywszbkp
MD5: af61df2e64cc0a9fb7af4c3db55f6cd9
SHA1: 466d26398628eef7b53f0f3b5dd9ec29a3d526b5
SHA256: c3c2024e7fe56a636144ba8541554e46f8c558d92620763cc0b382d9860e13c9
SHA512: a35b730faa70dc371a4c50db229a18d4527ba7195618e8732a5d6e4e9b7e2cde9327ee4bdc3970d643386c244dfb54c9550355d0de01e093354a350fc81ca59d
SSDEEP: 49152:FS4P1wimWGQfmnqvjtVd1mlQbtR/1rKNZzMNL4NStU:FS4d/vUqLtVd1CiR9mxzNSy
Static task: static1
Behavioral task: behavioral1
Sample: c3c2024e7fe56a636144ba8541554e46f8c558d92620763cc0b382d9860e13c9.exe
Resource: win7-20240903-en
Malware Config

Extracted family: lumma
C2 URLs extracted from the sample's configuration:
https://scriptyprefej.store
https://navygenerayk.store
https://founpiuer.store
https://necklacedmny.store
https://thumbystriw.store
https://fadehairucw.store
https://crisiwarny.store
https://presticitpo.store
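The extracted URL list is only useful once it is turned into something that runs against telemetry. The following is an added example, not part of the sandbox report or of any tool it names: it reduces the extracted URLs to hostnames and scans DNS query logs for lookups of those hosts or any of their subdomains. The log format ("timestamp client record-type name") and the log lines themselves are constructed for illustration; point `scan_dns_log` at your own resolver or Zeek export after adjusting the line regex.

```python
import re
from typing import Optional
from urllib.parse import urlsplit

# C2 URLs as extracted from the sample's configuration (listed in the report above).
LUMMA_C2_URLS = [
    "https://scriptyprefej.store",
    "https://navygenerayk.store",
    "https://founpiuer.store",
    "https://necklacedmny.store",
    "https://thumbystriw.store",
    "https://fadehairucw.store",
    "https://crisiwarny.store",
    "https://presticitpo.store",
]


def normalize_host(name: str) -> str:
    """Lower-case a DNS name and strip the trailing root dot, so that
    'CDN.Example.STORE.' and 'cdn.example.store' compare equal."""
    return name.strip().lower().rstrip(".")


def hosts_from_urls(urls):
    """Reduce extracted C2 URLs to their normalized hostnames."""
    hosts = set()
    for url in urls:
        host = urlsplit(url).hostname
        if host:
            hosts.add(normalize_host(host))
    return hosts


def matching_indicator(qname: str, indicators) -> Optional[str]:
    """Return the indicator that qname matches, or None.

    A query matches if it is the indicator itself or a subdomain of it
    ('api.founpiuer.store'). A plain substring test would also flag
    'notfounpiuer.store', so the label boundary is checked explicitly."""
    qname = normalize_host(qname)
    for ioc in indicators:
        if qname == ioc or qname.endswith("." + ioc):
            return ioc
    return None


# Constructed DNS log lines for illustration (not taken from the report):
# "<timestamp> <client_ip> <record_type> <queried_name>"
SAMPLE_DNS_LOG = """\
2024-11-12T10:00:01Z 10.0.0.5 A scriptyprefej.store.
2024-11-12T10:00:02Z 10.0.0.5 A cdn.founpiuer.store
2024-11-12T10:00:03Z 10.0.0.7 A notfounpiuer.store
2024-11-12T10:00:04Z 10.0.0.9 AAAA www.microsoft.com
2024-11-12T10:00:05Z 10.0.0.5 A PRESTICITPO.STORE
"""

LOG_LINE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def scan_dns_log(log_text: str, urls=LUMMA_C2_URLS):
    """Return (timestamp, client, qname, indicator) for every query that
    resolves a configured C2 host or one of its subdomains."""
    indicators = hosts_from_urls(urls)
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than abort the scan
        ts, client, _rtype, qname = m.groups()
        ioc = matching_indicator(qname, indicators)
        if ioc:
            hits.append((ts, client, normalize_host(qname), ioc))
    return hits


if __name__ == "__main__":
    for hit in scan_dns_log(SAMPLE_DNS_LOG):
        print("C2 lookup: ts=%s client=%s qname=%s indicator=%s" % hit)
```

Three of the five constructed lines are flagged (the trailing-dot, subdomain and upper-case variants); `notfounpiuer.store` is correctly left alone because the match is anchored at a label boundary rather than a substring.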
Targets

Target: c3c2024e7fe56a636144ba8541554e46f8c558d92620763cc0b382d9860e13c9 (3.1MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Lumma family
The sample is classified as the Lumma stealer family, consistent with the extracted configuration above.

Identifies VirtualBox via ACPI registry values (likely anti-VM)
VirtualBox exposes guest ACPI tables whose names appear in the registry; reading them is a common way to detect that the host is a VM before running the payload.

Checks BIOS information in registry
BIOS vendor and version strings in the registry reveal hypervisors and sandboxes, so they are often read to detect an analysis environment. On its own this read is also made by legitimate inventory and driver software.

Identifies Wine through registry keys
Wine is a compatibility layer that runs Windows applications on other operating systems and is used by some sandboxes; Wine-specific registry keys give its presence away.

Suspicious use of NtSetInformationThreadHideFromDebugger
Calling NtSetInformationThread with the ThreadHideFromDebugger class stops debug events for that thread from being delivered to an attached debugger, a common anti-debugging technique.
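Taken individually, the three registry checks above are weak signals; it is their combination in one process that is characteristic. The code below is an added example (not from the report or from the sandbox that produced it) that profiles registry-read telemetry per process and flags a process only when it touches at least two distinct anti-sandbox categories. The report names the behaviours but not the exact keys, so the key paths in the rules are the locations such checks usually read and should be treated as an assumption to tune; the event lines and the "pid image key-path" format are constructed for illustration.

```python
import re
from collections import defaultdict

# Registry paths commonly probed to fingerprint VirtualBox, the BIOS and
# Wine. Assumed typical locations (the report names the behaviours, not the
# exact keys); tune against your own telemetry.
ANTI_SANDBOX_RULES = {
    "virtualbox_acpi": re.compile(
        r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.IGNORECASE),
    "bios_info": re.compile(
        r"\\HARDWARE\\DESCRIPTION\\System\\(BIOS\\|SystemBiosVersion|VideoBiosVersion)",
        re.IGNORECASE),
    "wine": re.compile(r"\\Software\\Wine(\\|$)", re.IGNORECASE),
}

# Constructed registry-read events (the kind of data a Sysmon registry event
# or a Procmon export carries), simplified to "<pid> <image> <key path>".
SAMPLE_REGISTRY_EVENTS = """\
4120 sample.exe HKLM\\HARDWARE\\ACPI\\DSDT\\VBOX__
4120 sample.exe HKLM\\HARDWARE\\DESCRIPTION\\System\\SystemBiosVersion
4120 sample.exe HKLM\\HARDWARE\\DESCRIPTION\\System\\BIOS\\SystemManufacturer
4120 sample.exe HKCU\\Software\\Wine
4120 sample.exe HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
5532 inventory.exe HKLM\\HARDWARE\\DESCRIPTION\\System\\BIOS\\BIOSVersion
6010 notepad.exe HKCU\\Software\\Microsoft\\Notepad
"""

EVENT_LINE = re.compile(r"^(\d+)\s+(\S+)\s+(.+)$")


def classify_path(key_path):
    """Return the names of every anti-sandbox rule the key path matches."""
    return [name for name, rx in ANTI_SANDBOX_RULES.items() if rx.search(key_path)]


def profile_processes(events_text):
    """Aggregate matched rule categories per (pid, image).

    Aggregation is the point: a single BIOS read is routine for inventory
    and driver software, but one process that reads VirtualBox ACPI tables,
    BIOS strings and Wine keys in quick succession is fingerprinting its
    environment."""
    profile = defaultdict(set)
    for line in events_text.splitlines():
        m = EVENT_LINE.match(line.strip())
        if not m:
            continue  # ignore malformed lines
        pid, image, key_path = m.groups()
        for category in classify_path(key_path):
            profile[(int(pid), image)].add(category)
    return dict(profile)


def suspicious_processes(events_text, min_categories=2):
    """Processes whose registry reads hit at least min_categories distinct
    anti-sandbox categories, as (pid, image, sorted categories)."""
    return sorted(
        (pid, image, sorted(cats))
        for (pid, image), cats in profile_processes(events_text).items()
        if len(cats) >= min_categories
    )


if __name__ == "__main__":
    for pid, image, cats in suspicious_processes(SAMPLE_REGISTRY_EVENTS):
        print(f"pid={pid} image={image} anti-sandbox probes: {', '.join(cats)}")
```

With the constructed events, `sample.exe` is flagged on three categories while `inventory.exe`, which only reads BIOS strings, is not; lowering `min_categories` to 1 trades that precision for recall.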
MITRE ATT&CK Enterprise v15

Defense Evasion (technique: number of matches)
Modify Registry (T1112): 1
Subvert Trust Controls (T1553): 1
Install Root Certificate (T1553.004): 1
Virtualization/Sandbox Evasion (T1497): 2