General
-
Target
cae9a3812eb84a8297883904ea5a65afdbb9bcfbb62259bb495747b67d3b15f3.exe
-
Size
1.8MB
-
Sample
241119-gl5zna1kdy
-
MD5
548b5dd324752d1d583edafb43959d93
-
SHA1
52123331b50fd2c55f75d042bbd2c6ba748f86a1
-
SHA256
cae9a3812eb84a8297883904ea5a65afdbb9bcfbb62259bb495747b67d3b15f3
-
SHA512
4ab3135f0af3cb1ee51c76ffdc5f35faabc362c56c172808b0aae704034d05a39c07dddfffcc02fce417b2c4f7e799325855fb91d53c6639bd8d8d813dedc81f
-
SSDEEP
24576:/Zwvqft3aATGojceKV6JI0dn/dWRa3QSUAcd/epHrqWHjGZ0Myq1UmQJ9YoL8tiT:BD1KAKeKwxQSrQepHr3MytmQfYoAl
Static task
static1
Behavioral task
behavioral1
Sample
cae9a3812eb84a8297883904ea5a65afdbb9bcfbb62259bb495747b67d3b15f3.exe
Resource
win7-20240903-en
Malware Config
Extracted
lumma
https://processhol.sbs/api
https://p10tgrace.sbs/api
https://peepburry828.sbs/api
https://3xp3cts1aim.sbs/api
https://p3ar11fter.sbs/api
Targets
-
-
Target
cae9a3812eb84a8297883904ea5a65afdbb9bcfbb62259bb495747b67d3b15f3.exe
-
Size
1.8MB
-
MD5
548b5dd324752d1d583edafb43959d93
-
SHA1
52123331b50fd2c55f75d042bbd2c6ba748f86a1
-
SHA256
cae9a3812eb84a8297883904ea5a65afdbb9bcfbb62259bb495747b67d3b15f3
-
SHA512
4ab3135f0af3cb1ee51c76ffdc5f35faabc362c56c172808b0aae704034d05a39c07dddfffcc02fce417b2c4f7e799325855fb91d53c6639bd8d8d813dedc81f
-
SSDEEP
24576:/Zwvqft3aATGojceKV6JI0dn/dWRa3QSUAcd/epHrqWHjGZ0Myq1UmQJ9YoL8tiT:BD1KAKeKwxQSrQepHr3MytmQfYoAl
-
Lumma family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-