General
-
Target
573db5cc5226824dca52126ab9ee25b01bcfe2ffd1eca3aa1c2cfa65296f79b6
-
Size
3.0MB
-
Sample
241117-k15tzs1jbr
-
MD5
ff5d103cee62fd676d18a467c5f2cb08
-
SHA1
af61d9b8bd2cac8d897bcfaf876dfc7152531762
-
SHA256
573db5cc5226824dca52126ab9ee25b01bcfe2ffd1eca3aa1c2cfa65296f79b6
-
SHA512
ea6997a47708c280ef9013d5c81a7ea871e23b784f6636d743e4409191c71ef2a0add6ec162ad687ff9c4422ff5a1512940b5b4e101c4fe82f2d9ebc8a8a9f73
-
SSDEEP
49152:8IsiuSw7vC9qhKenVcpsccCVhwE9cDYaum7TJ9:jsEw7vC9qdV6DmTYWT
Static task
static1
Behavioral task
behavioral1
Sample
573db5cc5226824dca52126ab9ee25b01bcfe2ffd1eca3aa1c2cfa65296f79b6.exe
Resource
win7-20240729-en
Malware Config
Extracted
lumma
https://scriptyprefej.store
https://navygenerayk.store
https://founpiuer.store
https://necklacedmny.store
https://thumbystriw.store
https://fadehairucw.store
https://crisiwarny.store
https://presticitpo.store
Targets
-
-
Target
573db5cc5226824dca52126ab9ee25b01bcfe2ffd1eca3aa1c2cfa65296f79b6
-
Size
3.0MB
-
MD5
ff5d103cee62fd676d18a467c5f2cb08
-
SHA1
af61d9b8bd2cac8d897bcfaf876dfc7152531762
-
SHA256
573db5cc5226824dca52126ab9ee25b01bcfe2ffd1eca3aa1c2cfa65296f79b6
-
SHA512
ea6997a47708c280ef9013d5c81a7ea871e23b784f6636d743e4409191c71ef2a0add6ec162ad687ff9c4422ff5a1512940b5b4e101c4fe82f2d9ebc8a8a9f73
-
SSDEEP
49152:8IsiuSw7vC9qhKenVcpsccCVhwE9cDYaum7TJ9:jsEw7vC9qdV6DmTYWT
-
Lumma family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
1Subvert Trust Controls
1Install Root Certificate
1Virtualization/Sandbox Evasion
2