General
-
Target
a1f93dc78a2a591b33fd5e989d3027bf47aae16f1a70518b53ce4a571a45e214.exe
-
Size
1.8MB
-
Sample
241119-ft9gdawjgq
-
MD5
51d6372aaa8e4172e1a6946f61f38223
-
SHA1
913b019204ac89d21f12ad0aa66aa187e3aa9781
-
SHA256
a1f93dc78a2a591b33fd5e989d3027bf47aae16f1a70518b53ce4a571a45e214
-
SHA512
2672324008ead592deaa915d855528f42fbca0477d1d5b30f57392a501cc5e5cfde8e44401146225392453f97ef04a5928c8f62bb391ab3f8b0dc209b6fea41d
-
SSDEEP
24576:vnfbSIuEEscoGlSAhgOXnxYeiRFtYMYNjKdYZDksrb8gOB6hTmCGjboMptQ9AIyI:vZEsbGVg+gF/YRd8gOkmCCB6ATHr8J
Static task
static1
Behavioral task
behavioral1
Sample
a1f93dc78a2a591b33fd5e989d3027bf47aae16f1a70518b53ce4a571a45e214.exe
Resource
win7-20240903-en
Malware Config
Extracted
lumma
https://processhol.sbs/api
https://p10tgrace.sbs/api
https://peepburry828.sbs/api
https://3xp3cts1aim.sbs/api
https://p3ar11fter.sbs/api
Targets
-
-
Target
a1f93dc78a2a591b33fd5e989d3027bf47aae16f1a70518b53ce4a571a45e214.exe
-
Size
1.8MB
-
MD5
51d6372aaa8e4172e1a6946f61f38223
-
SHA1
913b019204ac89d21f12ad0aa66aa187e3aa9781
-
SHA256
a1f93dc78a2a591b33fd5e989d3027bf47aae16f1a70518b53ce4a571a45e214
-
SHA512
2672324008ead592deaa915d855528f42fbca0477d1d5b30f57392a501cc5e5cfde8e44401146225392453f97ef04a5928c8f62bb391ab3f8b0dc209b6fea41d
-
SSDEEP
24576:vnfbSIuEEscoGlSAhgOXnxYeiRFtYMYNjKdYZDksrb8gOB6hTmCGjboMptQ9AIyI:vZEsbGVg+gF/YRd8gOkmCCB6ATHr8J
-
Lumma family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-