General
-
Target
f08b42a1d7648f9ad33f0beeed924e0262cbb4beeedb5e65e538c596a3cf003d
-
Size
3.0MB
-
Sample
241112-xkna8ayfmh
-
MD5
0f8e80c7efbc12a20c652f7ff3b49598
-
SHA1
8cd5626d7bd4a33e9366bf26f145a76ea8834c12
-
SHA256
f08b42a1d7648f9ad33f0beeed924e0262cbb4beeedb5e65e538c596a3cf003d
-
SHA512
cf68d175d231b366e0fbe2b77665e0f4a632f82f05beaeb40ec4c5ad01f96e1d889202edc00050cf53b5d75972a77de6cb07518ab69f1be5c7e8d02825caf89f
-
SSDEEP
49152:X32hXrOycS5C0QgMd+1vHFWyDlzOhRElAWN2M6EzosbJv+l:X3s7OhS5C0QgM0RHFWy9k04M5osbJ
Static task
static1
Behavioral task
behavioral1
Sample
f08b42a1d7648f9ad33f0beeed924e0262cbb4beeedb5e65e538c596a3cf003d.exe
Resource
win7-20240729-en
Malware Config
Extracted
lumma
https://scriptyprefej.store
https://navygenerayk.store
https://founpiuer.store
https://necklacedmny.store
https://thumbystriw.store
https://fadehairucw.store
https://crisiwarny.store
https://presticitpo.store
Targets
-
-
Target
f08b42a1d7648f9ad33f0beeed924e0262cbb4beeedb5e65e538c596a3cf003d
-
Size
3.0MB
-
MD5
0f8e80c7efbc12a20c652f7ff3b49598
-
SHA1
8cd5626d7bd4a33e9366bf26f145a76ea8834c12
-
SHA256
f08b42a1d7648f9ad33f0beeed924e0262cbb4beeedb5e65e538c596a3cf003d
-
SHA512
cf68d175d231b366e0fbe2b77665e0f4a632f82f05beaeb40ec4c5ad01f96e1d889202edc00050cf53b5d75972a77de6cb07518ab69f1be5c7e8d02825caf89f
-
SSDEEP
49152:X32hXrOycS5C0QgMd+1vHFWyDlzOhRElAWN2M6EzosbJv+l:X3s7OhS5C0QgM0RHFWy9k04M5osbJ
-
Lumma family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
1Subvert Trust Controls
1Install Root Certificate
1Virtualization/Sandbox Evasion
2