General
-
Target
2baf2724bcd596615482311e56c44992c76d1f52647ac7c0daa788abc921fa74
-
Size
3.0MB
-
Sample
241117-lsyldaxdpk
-
MD5
beb88464d425b6672e0ddfaabc2a1aec
-
SHA1
d82c1caeb93ce0730de45be486c9dac620ba3552
-
SHA256
2baf2724bcd596615482311e56c44992c76d1f52647ac7c0daa788abc921fa74
-
SHA512
a67648a2045941fbb918d5a76c1d48165e1474755af2477eec8b66b20a6ddc897499bceaedd858551bc78494ab8fec4312215c01d94e010020e31feaec587561
-
SSDEEP
49152:Fsb+0pgjF+JPhu2/TNzA8ilHcfibD2Rvu6of06L+uPrLAf:FsCUgoJI2/TNzLCHqgD2z6DL
Static task
static1
Behavioral task
behavioral1
Sample
2baf2724bcd596615482311e56c44992c76d1f52647ac7c0daa788abc921fa74.exe
Resource
win7-20240903-en
Malware Config
Extracted
lumma
https://scriptyprefej.store
https://navygenerayk.store
https://founpiuer.store
https://necklacedmny.store
https://thumbystriw.store
https://fadehairucw.store
https://crisiwarny.store
https://presticitpo.store
Targets
-
-
Target
2baf2724bcd596615482311e56c44992c76d1f52647ac7c0daa788abc921fa74
-
Size
3.0MB
-
MD5
beb88464d425b6672e0ddfaabc2a1aec
-
SHA1
d82c1caeb93ce0730de45be486c9dac620ba3552
-
SHA256
2baf2724bcd596615482311e56c44992c76d1f52647ac7c0daa788abc921fa74
-
SHA512
a67648a2045941fbb918d5a76c1d48165e1474755af2477eec8b66b20a6ddc897499bceaedd858551bc78494ab8fec4312215c01d94e010020e31feaec587561
-
SSDEEP
49152:Fsb+0pgjF+JPhu2/TNzA8ilHcfibD2Rvu6of06L+uPrLAf:FsCUgoJI2/TNzLCHqgD2z6DL
-
Lumma family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
1Subvert Trust Controls
1Install Root Certificate
1Virtualization/Sandbox Evasion
2