General
-
Target
file.exe
-
Size
1.8MB
-
Sample
241117-ta1xsatbmb
-
MD5
a58c2381b3a09794c5f79c1bc6358fd9
-
SHA1
70db592fd9154a831da656438c3f558c376b1053
-
SHA256
fef10d7378cf8912453034be5c0b36bab453d66962290a1a0b64222fb30f4e56
-
SHA512
4c5674acf0a738b09c6189ef04cccf33f33fdadace1e70bec3d163c934fd9343b4904bf952597647b6e0605b011898ff654e7b7dd2672dc3aa8cf5ebd8f41c40
-
SSDEEP
49152:tSCX+wKP8BbVj9qpptHUexGlt3nyLcndhW3Zeu:Afgbp9U0eolpyLMI5
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20240903-en
Malware Config
Extracted
lumma
https://processhol.sbs/api
https://p10tgrace.sbs/api
https://peepburry828.sbs/api
https://3xp3cts1aim.sbs/api
https://p3ar11fter.sbs/api
Targets
-
-
Target
file.exe
-
Size
1.8MB
-
MD5
a58c2381b3a09794c5f79c1bc6358fd9
-
SHA1
70db592fd9154a831da656438c3f558c376b1053
-
SHA256
fef10d7378cf8912453034be5c0b36bab453d66962290a1a0b64222fb30f4e56
-
SHA512
4c5674acf0a738b09c6189ef04cccf33f33fdadace1e70bec3d163c934fd9343b4904bf952597647b6e0605b011898ff654e7b7dd2672dc3aa8cf5ebd8f41c40
-
SSDEEP
49152:tSCX+wKP8BbVj9qpptHUexGlt3nyLcndhW3Zeu:Afgbp9U0eolpyLMI5
-
Lumma family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-