General
-
Target
a7850de3122509e3528e71705def837359e1bb9678c9876442e852759ba5d735
-
Size
2.9MB
-
Sample
241121-wanzbsymdq
-
MD5
72378a6fc2cca85e08616b5c9396df67
-
SHA1
589c3789dd94017ba9f4bed50969405d9d303c91
-
SHA256
a7850de3122509e3528e71705def837359e1bb9678c9876442e852759ba5d735
-
SHA512
b58558deca75257e7f6aefbf887f8799bdaa4ef51b50f9d6b9cc13bf9d635f688213162ad1c7e703f690142947b9b130c5d448c08b7c70179ef2ef7cf26beb4f
-
SSDEEP
49152:CAERMgJp9NfWPHu2oAYf69x3z7OVM13whXJ8PRoaPx5Q:C7MgJpLfOu2oL69NQMVwh58PmaPs
Static task
static1
Behavioral task
behavioral1
Sample
a7850de3122509e3528e71705def837359e1bb9678c9876442e852759ba5d735.exe
Resource
win7-20240903-en
Malware Config
Extracted
lumma
https://scriptyprefej.store
https://navygenerayk.store
https://founpiuer.store
https://necklacedmny.store
https://thumbystriw.store
https://fadehairucw.store
https://crisiwarny.store
https://presticitpo.store
Targets
-
-
Target
a7850de3122509e3528e71705def837359e1bb9678c9876442e852759ba5d735
-
Size
2.9MB
-
MD5
72378a6fc2cca85e08616b5c9396df67
-
SHA1
589c3789dd94017ba9f4bed50969405d9d303c91
-
SHA256
a7850de3122509e3528e71705def837359e1bb9678c9876442e852759ba5d735
-
SHA512
b58558deca75257e7f6aefbf887f8799bdaa4ef51b50f9d6b9cc13bf9d635f688213162ad1c7e703f690142947b9b130c5d448c08b7c70179ef2ef7cf26beb4f
-
SSDEEP
49152:CAERMgJp9NfWPHu2oAYf69x3z7OVM13whXJ8PRoaPx5Q:C7MgJpLfOu2oL69NQMVwh58PmaPs
-
Lumma family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
VirtualBox guests expose the vendor string VBOX__ under HKLM\HARDWARE\ACPI (for example in the DSDT subkey); reading it is a common virtual-machine check.
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
Calling NtSetInformationThread with the ThreadHideFromDebugger information class (0x11) stops the thread from delivering debug events to an attached debugger, a common anti-debugging technique.
-
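The signatures above are all derived from API-level telemetry: which registry keys the sample opened and which information class it passed to NtSetInformationThread. The following is an added example, not code from the sandbox or from this report, showing how those four signatures can be expressed as rules over a simple API log. The registry paths are the well-known VirtualBox, BIOS and Wine locations; the log line format (api name followed by key=value fields) and the sample lines themselves are constructed for the example.

```python
import re

# Registry locations commonly queried by anti-VM / anti-sandbox code.
# These are well-known paths; the rule names and log format are this example's own.
VBOX_ACPI_RE = re.compile(r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.IGNORECASE)
BIOS_KEY_RE = re.compile(r"\\HARDWARE\\DESCRIPTION\\System$", re.IGNORECASE)
BIOS_VALUES = {"systembiosversion", "videobiosversion", "systembiosdate"}
WINE_RE = re.compile(r"\\Software\\Wine(\\|$)", re.IGNORECASE)

# ThreadInformationClass value for ThreadHideFromDebugger.
THREAD_HIDE_FROM_DEBUGGER = 0x11

SIGNATURES = {
    "vbox_acpi": "Identifies VirtualBox via ACPI registry values",
    "bios_info": "Checks BIOS information in registry",
    "wine_keys": "Identifies Wine through registry keys",
    "hide_from_debugger": "Suspicious use of NtSetInformationThreadHideFromDebugger",
}

# Constructed API log in the hypothetical "api field=value ..." format.
SAMPLE_LOG = r"""
RegOpenKeyExW key=HKLM\HARDWARE\ACPI\DSDT\VBOX__ status=0xC0000034
RegQueryValueExW key=HKLM\HARDWARE\DESCRIPTION\System value=SystemBiosVersion status=0x0
RegQueryValueExW key=HKLM\HARDWARE\DESCRIPTION\System value=VideoBiosVersion status=0x0
RegOpenKeyExW key=HKCU\Software\Wine status=0xC0000034
RegOpenKeyExW key=HKCU\Software\Microsoft\Windows\CurrentVersion\Run status=0x0
NtSetInformationThread thread=0x1a4 info_class=0x11 status=0x0
NtSetInformationThread thread=0x1a8 info_class=0x3 status=0x0
"""


def parse_line(line):
    """Split 'Api k1=v1 k2=v2' into the API name and a dict of fields."""
    parts = line.split()
    fields = {}
    for tok in parts[1:]:
        k, _, v = tok.partition("=")
        fields[k] = v
    return parts[0], fields


def classify(api, fields):
    """Return the list of signature names a single API call triggers."""
    hits = []
    key = fields.get("key", "")
    if api.startswith("Reg"):
        if VBOX_ACPI_RE.search(key):
            hits.append("vbox_acpi")
        # The BIOS check keys on the value name, not just the parent key.
        if BIOS_KEY_RE.search(key) and fields.get("value", "").lower() in BIOS_VALUES:
            hits.append("bios_info")
        if WINE_RE.search(key):
            hits.append("wine_keys")
    elif api == "NtSetInformationThread":
        # Only info class 0x11 is interesting; other classes are routine.
        if int(fields.get("info_class", "0"), 16) == THREAD_HIDE_FROM_DEBUGGER:
            hits.append("hide_from_debugger")
    return hits


def triage(log_text):
    """Map each fired signature to the log lines that triggered it."""
    fired = {}
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        api, fields = parse_line(line)
        for sig in classify(api, fields):
            fired.setdefault(sig, []).append(line)
    return fired


def is_evasive(fired):
    """True when both an anti-VM/sandbox check and an anti-debug call were seen."""
    anti_vm = {"vbox_acpi", "bios_info", "wine_keys"}
    return bool(anti_vm & fired.keys()) and "hide_from_debugger" in fired


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for sig, lines in result.items():
        print(f"{SIGNATURES[sig]} ({len(lines)} event(s))")
    print("evasive:", is_evasive(result))
```

Note that a failed open (status 0xC0000034, object not found) still counts: the sample asking for the key is the signal, whether or not the key exists on the analysis machine. Real sandbox logs differ in format, so only `parse_line` needs to change to adapt the rules.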