General
Target: 97fd020744b762f6103a7712a182af2161557bae49cae9772c2a9b5ebad82513
Size: 2.9MB
Sample: 241117-q74hdswjfq
MD5: 7bd9ddf41cf8c2451e6e75242febfda1
SHA1: 94af38e810957befdd50512626f3aab2d1864598
SHA256: 97fd020744b762f6103a7712a182af2161557bae49cae9772c2a9b5ebad82513
SHA512: 8736a28780dd1c9f5f924e350ab87b1e0469c2f1397b21974f1b190e7281d85aa75cea51619c6941c87a308641eeb80a5cb14ac8b4b15298a548d6108d08cf0a
SSDEEP: 49152:4UuzPIX8kpzEeWJOvIkW1TM5K6JOr1ij22tl:4UuzPI8kpzlWJOv5W1o5DiijBtl
Static task: static1
Behavioral task: behavioral1
Sample: 97fd020744b762f6103a7712a182af2161557bae49cae9772c2a9b5ebad82513.exe
Resource: win7-20240903-en
Malware Config
Extracted: lumma
Targets
Lumma family
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry (1)
Subvert Trust Controls (1)
Install Root Certificate (1)
Virtualization/Sandbox Evasion (2)