General
- Target: 6416d9d75910685b7906b1c59a7d58686ab2a662db443a1aecb2057e66cfde6a.exe
- Size: 1.8MB
- Sample: 241119-e88mysvqem
- MD5: 0ddcd6763d9c2104f94916ad73e8e3dc
- SHA1: f8b8cc9c9e7ac5d74241a7ea87a5a8f22a1dc4a9
- SHA256: 6416d9d75910685b7906b1c59a7d58686ab2a662db443a1aecb2057e66cfde6a
- SHA512: ee12c0253de7874824e5eaf3e97d80e6a78d3022425821298f6624602b3c4e783e9f388119ca7431635ac7447f473412e31880b6931d1ca0896db095e9a32d39
- SSDEEP: 49152:NPq/nyPGddethO8HCQfvQSnjiCfiRig2p3HDHa:snyeyhz7f9npiajH
Static task: static1
Behavioral task: behavioral1
- Sample: 6416d9d75910685b7906b1c59a7d58686ab2a662db443a1aecb2057e66cfde6a.exe
- Resource: win7-20240903-en
Malware Config
Extracted: lumma
C2 URLs:
- https://processhol.sbs/api
- https://p10tgrace.sbs/api
- https://peepburry828.sbs/api
- https://3xp3cts1aim.sbs/api
- https://p3ar11fter.sbs/api
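The extracted C2 URLs and the file hashes are the indicators a responder actually sweeps for. The script below is an added example, not part of this report or of the sandbox: it matches the report's C2 domains and hashes against DNS, proxy and EDR log lines. The log lines are constructed and their key=value layout is an assumed format.

```python
"""Match the indicators from the Lumma config and hash list in this report
against proxy, DNS and EDR log lines.  Added example; the log lines are
constructed and their key=value layout is an assumed format."""
import re
from urllib.parse import urlparse

# C2 URLs exactly as extracted from the sample's configuration above.
LUMMA_C2_URLS = [
    "https://processhol.sbs/api",
    "https://p10tgrace.sbs/api",
    "https://peepburry828.sbs/api",
    "https://3xp3cts1aim.sbs/api",
    "https://p3ar11fter.sbs/api",
]

# File hashes of the sample from the General section above.
SAMPLE_HASHES = {
    "0ddcd6763d9c2104f94916ad73e8e3dc",                                   # MD5
    "f8b8cc9c9e7ac5d74241a7ea87a5a8f22a1dc4a9",                           # SHA1
    "6416d9d75910685b7906b1c59a7d58686ab2a662db443a1aecb2057e66cfde6a",   # SHA256
}


def c2_domains(urls=LUMMA_C2_URLS):
    """Hostnames of the C2 URLs, lower-cased, for DNS/proxy matching."""
    return {urlparse(u).hostname.lower() for u in urls}


_KV = re.compile(r'(\w+)=("([^"]*)"|(\S+))')


def parse_kv(line):
    """Split a 'key=value key2="quoted value"' log line into a dict (assumed format)."""
    return {m.group(1): m.group(3) if m.group(3) is not None else m.group(4)
            for m in _KV.finditer(line)}


def host_matches(host, domains):
    """True if host is one of the C2 domains or a subdomain of one.
    Suffix matching on a label boundary avoids substring false positives
    such as 'processhol.sbs.cdn.example'."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def match_line(line, domains=None, hashes=SAMPLE_HASHES):
    """Return the list of indicator hits for one log line."""
    domains = c2_domains() if domains is None else domains
    f = parse_kv(line)
    hits = []
    for key in ("query", "dst_host"):            # DNS query name / proxy destination
        if f.get(key) and host_matches(f[key], domains):
            hits.append(f"c2-domain:{f[key].lower()}")
    if f.get("url"):
        h = urlparse(f["url"]).hostname
        if h and host_matches(h, domains):
            hits.append(f"c2-url:{f['url']}")
    for key in ("md5", "sha1", "sha256"):
        if f.get(key, "").lower() in hashes:
            hits.append(f"hash:{key}")
    return hits


# Constructed log lines: one DNS hit, one proxy hit, one EDR hash hit, two benign.
LOG_LINES = [
    "2024-11-19T14:02:11Z dns client=10.0.0.15 query=processhol.sbs rcode=NOERROR",
    '2024-11-19T14:02:12Z proxy client=10.0.0.15 method=POST url="https://processhol.sbs/api" status=200',
    '2024-11-19T14:02:13Z proxy client=10.0.0.15 method=GET url="https://cdn.example/update.js" status=200',
    '2024-11-19T14:01:50Z edr computer=WS-015 event=process_create image="C:\\Users\\u\\Downloads\\setup.exe" '
    "sha256=6416d9d75910685b7906b1c59a7d58686ab2a662db443a1aecb2057e66cfde6a",
    "2024-11-19T14:03:00Z dns client=10.0.0.22 query=processhol.sbs.cdn.example rcode=NXDOMAIN",
]


def scan(lines=LOG_LINES):
    """Return [(line_number, hits)] for every line that matched an indicator."""
    results = []
    for n, line in enumerate(lines, 1):
        hits = match_line(line)
        if hits:
            results.append((n, hits))
    return results


if __name__ == "__main__":
    for n, hits in scan():
        print(n, hits)
```

Domain matching is done on a label boundary rather than by substring: a bare grep for `processhol.sbs` would also flag the benign lookalike on the last constructed line. The `/api` path is shared by every URL in this config and is too generic to match on by itself.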
Targets
- Target: 6416d9d75910685b7906b1c59a7d58686ab2a662db443a1aecb2057e66cfde6a.exe
- Lumma family
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandbox environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer that runs Windows applications and is sometimes used as a sandbox environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger
  NtSetInformationThread with the ThreadHideFromDebugger information class (0x11) stops debug events from the calling thread being delivered to an attached debugger; it is a common anti-debugging trick and rarely appears in legitimate software.
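The three registry signatures above describe the kind of artifacts an analysis VM leaks. The following is an added example, not code from the sample or from the sandbox: a defender-side self-check that reads the registry locations commonly consulted for these tells and reports which ones would give a VM away. The key paths and vendor strings are the widely documented ones and are an assumption about what this sample reads, since the report lists only the signature names; the registry snapshots are constructed. The NtSetInformationThreadHideFromDebugger behaviour is a kernel call and is not reproduced here.

```python
"""Defender-side self-check for the registry artifacts behind the signatures
above (VirtualBox ACPI table names, BIOS strings, Wine keys).  Added example,
not code from the sample or the sandbox.  The key paths are the commonly
documented ones and are an assumption about what the sample reads; the
registry snapshots are constructed."""

# Vendor strings that hypervisor firmware typically leaves in BIOS values.
VM_MARKERS = ("VBOX", "VIRTUALBOX", "INNOTEK", "VMWARE", "QEMU", "BOCHS", "XEN")

# (key path, value name or None for a key-existence check, meaning)
CHECKS = [
    (r"HKLM\HARDWARE\ACPI\DSDT\VBOX__", None, "VirtualBox ACPI DSDT table"),
    (r"HKLM\HARDWARE\ACPI\FADT\VBOX__", None, "VirtualBox ACPI FADT table"),
    (r"HKLM\HARDWARE\ACPI\RSDT\VBOX__", None, "VirtualBox ACPI RSDT table"),
    (r"HKLM\HARDWARE\DESCRIPTION\System", "SystemBiosVersion", "system BIOS version"),
    (r"HKLM\HARDWARE\DESCRIPTION\System", "VideoBiosVersion", "video BIOS version"),
    (r"HKLM\HARDWARE\DESCRIPTION\System\BIOS", "SystemManufacturer", "SMBIOS manufacturer"),
    (r"HKCU\Software\Wine", None, "Wine per-user key"),
    (r"HKLM\Software\Wine", None, "Wine machine key"),
]


def snapshot_reader(snapshot):
    """Reader over a dict {key_path: {value_name: data}} standing in for the registry.
    Returns (exists, data); for a key-existence check data is None."""
    def read(key_path, value_name):
        values = snapshot.get(key_path)
        if values is None:
            return False, None
        if value_name is None:
            return True, None
        return value_name in values, values.get(value_name)
    return read


def winreg_reader():
    """Reader over the live registry; Windows only (uses the stdlib winreg module)."""
    import winreg
    hives = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}

    def read(key_path, value_name):
        hive, _, subkey = key_path.partition("\\")
        try:
            with winreg.OpenKey(hives[hive], subkey) as key:
                if value_name is None:
                    return True, None
                data, _kind = winreg.QueryValueEx(key, value_name)
                return True, data
        except OSError:            # key or value missing
            return False, None
    return read


def _as_text(data):
    """REG_MULTI_SZ comes back as a list; flatten everything to one string."""
    if isinstance(data, (list, tuple)):
        return " ".join(str(x) for x in data)
    return str(data)


def find_sandbox_artifacts(read):
    """Run every check through `read` and return [(location, explanation)]."""
    findings = []
    for key_path, value_name, meaning in CHECKS:
        exists, data = read(key_path, value_name)
        if not exists:
            continue
        if value_name is None:
            findings.append((key_path, f"{meaning} present"))
            continue
        text = _as_text(data).upper()
        marker = next((m for m in VM_MARKERS if m in text), None)
        if marker:
            findings.append((f"{key_path}\\{value_name}", f"{meaning} contains {marker}"))
    return findings


# Constructed snapshots: a default VirtualBox guest and a physical laptop.
VBOX_GUEST = {
    r"HKLM\HARDWARE\ACPI\DSDT\VBOX__": {},
    r"HKLM\HARDWARE\DESCRIPTION\System": {
        "SystemBiosVersion": ["VBOX   - 1", "Default System BIOS"],
        "VideoBiosVersion": ["Oracle VM VirtualBox Version 6.1.26 VBE Adapter"],
    },
    r"HKLM\HARDWARE\DESCRIPTION\System\BIOS": {"SystemManufacturer": "innotek GmbH"},
}
BARE_METAL = {
    r"HKLM\HARDWARE\DESCRIPTION\System": {
        "SystemBiosVersion": ["LENOVO - 1390", "N2HET58W (1.41 )"],
        "VideoBiosVersion": ["Intel Video BIOS"],
    },
    r"HKLM\HARDWARE\DESCRIPTION\System\BIOS": {"SystemManufacturer": "LENOVO"},
}

if __name__ == "__main__":
    for name, snap in (("vbox guest", VBOX_GUEST), ("bare metal", BARE_METAL)):
        print(name, find_sandbox_artifacts(snapshot_reader(snap)))
```

On a real analysis VM, `find_sandbox_artifacts(winreg_reader())` lists exactly the locations to patch before detonating a sample that carries these checks; the injected reader keeps the logic testable off Windows.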