General
-
Target
file.exe
-
Size
3.0MB
-
Sample
241112-xt4pkayhlm
-
MD5
2ddb4a173abe996c74cd293f8cf0dee8
-
SHA1
d9749e75ac2807df36b38496faaba2138fb29493
-
SHA256
c5e0aaeeb66047df266a8e8d973548cf120e026dcf6a1fb91a73c4639245cb1e
-
SHA512
eb7f1596d5813cadaef48a5e2f6a13abe48148b3cd19e21eb864c4b7b3fba95338078bd086c8588dd91118eb1e2c26ecdcc3010ad8a3da7b6cf9e62b44905eb6
-
SSDEEP
24576:SyE7SLjyLxnVWgyLRBnXJ7zGUl9oXt6hqeO4TljggHO/IsFAuFHLjSfkKm4Th+S:SyE7EjyLLEHXBaUwd6hHOclggHY
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20241023-en
Malware Config
Extracted
lumma
https://thicktoys.sbs/api
https://3xc1aimbl0w.sbs/api
https://300snails.sbs/api
https://faintbl0w.sbs/api
Targets
-
-
Target
file.exe
-
Size
3.0MB
-
MD5
2ddb4a173abe996c74cd293f8cf0dee8
-
SHA1
d9749e75ac2807df36b38496faaba2138fb29493
-
SHA256
c5e0aaeeb66047df266a8e8d973548cf120e026dcf6a1fb91a73c4639245cb1e
-
SHA512
eb7f1596d5813cadaef48a5e2f6a13abe48148b3cd19e21eb864c4b7b3fba95338078bd086c8588dd91118eb1e2c26ecdcc3010ad8a3da7b6cf9e62b44905eb6
-
SSDEEP
24576:SyE7SLjyLxnVWgyLRBnXJ7zGUl9oXt6hqeO4TljggHO/IsFAuFHLjSfkKm4Th+S:SyE7EjyLLEHXBaUwd6hHOclggHY
-
Lumma family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-