General
Target: 0077934422c43d40c3d013a087dc47921a80b0afa6ff27df16788b0f9ba5f42c
Size: 2.8MB
Sample: 241121-nhv4lswmeq
MD5: 1e2713791f4b57ee161ef33685c0f1ed
SHA1: 4c208910306a8ffed3a5e12635d5b062b5c0ccdf
SHA256: 0077934422c43d40c3d013a087dc47921a80b0afa6ff27df16788b0f9ba5f42c
SHA512: b9ad7593dfd25ec2881797ae70069e4717e67dbe15a390c70ebfdbb271298eabea9cfa0c2a73187507f4d39a761f4f5b621a99832a8f180af502c43d143abc15
SSDEEP: 49152:TNuNeBOHsm6gpbhXoFqg9w2BQ2NPEnZiYI4ZNdT:TNuNeQb6cbhXoFqf2BQesn9I4p
Static task: static1
Behavioral task: behavioral1
Sample: 0077934422c43d40c3d013a087dc47921a80b0afa6ff27df16788b0f9ba5f42c.exe
Resource: win7-20240903-en
Malware Config
Extracted family: lumma
Targets
Signatures:
- Lumma family
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
Tactic: Defense Evasion
- Modify Registry (1)
- Subvert Trust Controls (1)
- Install Root Certificate (1)
- Virtualization/Sandbox Evasion (2)