General
- Target: 406472dc02df6dc9d24f59664c270d140d0ad34e4275c58c942ae17d84886b53
- Size: 3.0MB
- Sample: 241117-lxj9jswpcy
- MD5: 428efc416b6c71298a33880b707c008c
- SHA1: 268c4a517c2616533f5b73c7a7a9815da20e324a
- SHA256: 406472dc02df6dc9d24f59664c270d140d0ad34e4275c58c942ae17d84886b53
- SHA512: 0635dbb4129fa97c183621df894c26ac6812af2fecc65761d7f4787b5752f902246841d53d4289b4ceeb340e98f0e0defb482b7fcd38f1134e0fe597d8dcc6ba
- SSDEEP: 49152:VPSAi2j1wcpeFrHgBSZX/tgKhV2qIf+utq1nn:FSAi2j1TpeFfZX/OKLLutq1n
Static task: static1
Behavioral task: behavioral1
- Sample: 406472dc02df6dc9d24f59664c270d140d0ad34e4275c58c942ae17d84886b53.exe
- Resource: win7-20240903-en
Malware Config
Extracted
lumma
https://scriptyprefej.store
https://navygenerayk.store
https://founpiuer.store
https://necklacedmny.store
https://thumbystriw.store
https://fadehairucw.store
https://crisiwarny.store
https://presticitpo.store
Targets
- Target: 406472dc02df6dc9d24f59664c270d140d0ad34e4275c58c942ae17d84886b53
- Size: 3.0MB
- MD5: 428efc416b6c71298a33880b707c008c
- SHA1: 268c4a517c2616533f5b73c7a7a9815da20e324a
- SHA256: 406472dc02df6dc9d24f59664c270d140d0ad34e4275c58c942ae17d84886b53
- SHA512: 0635dbb4129fa97c183621df894c26ac6812af2fecc65761d7f4787b5752f902246841d53d4289b4ceeb340e98f0e0defb482b7fcd38f1134e0fe597d8dcc6ba
- SSDEEP: 49152:VPSAi2j1wcpeFrHgBSZX/tgKhV2qIf+utq1nn:FSAi2j1TpeFfZX/OKLLutq1n
- Lumma family
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
Defense Evasion
- Modify Registry (1)
- Subvert Trust Controls (1)
- Install Root Certificate (1)
- Virtualization/Sandbox Evasion (2)