General
-
Target
e4b16cb9e924633cac4f4f9454613465b132b7191db0ceaf9db50333ba7c2c33
-
Size
2.9MB
-
Sample
241121-x7qd4azlfl
-
MD5
1c74e2bcb64d619589af56e34e35984f
-
SHA1
b565b12817e39b734451e91050f8c48e3183546c
-
SHA256
e4b16cb9e924633cac4f4f9454613465b132b7191db0ceaf9db50333ba7c2c33
-
SHA512
217f42cd325aa2da3e467795571e2f62f043833f842a1e9c9d0dcc291167cad4ac8d0912c540825a1cdc93735fdfac2d337f9870f039d3a9f3268d425ecfe43d
-
SSDEEP
49152:lgp487dyk6b9DjuFjZ6Op/GoPdey3TuJeBk0GhlHGy:lga+dyvb9DjuFPuoPdey3SJkk0QQ
Static task
static1
Behavioral task
behavioral1
Sample
e4b16cb9e924633cac4f4f9454613465b132b7191db0ceaf9db50333ba7c2c33.exe
Resource
win7-20241010-en
Malware Config
Extracted
lumma
https://scriptyprefej.store
https://navygenerayk.store
https://founpiuer.store
https://necklacedmny.store
https://thumbystriw.store
https://fadehairucw.store
https://crisiwarny.store
https://presticitpo.store
Targets
-
-
Target
e4b16cb9e924633cac4f4f9454613465b132b7191db0ceaf9db50333ba7c2c33
-
Size
2.9MB
-
MD5
1c74e2bcb64d619589af56e34e35984f
-
SHA1
b565b12817e39b734451e91050f8c48e3183546c
-
SHA256
e4b16cb9e924633cac4f4f9454613465b132b7191db0ceaf9db50333ba7c2c33
-
SHA512
217f42cd325aa2da3e467795571e2f62f043833f842a1e9c9d0dcc291167cad4ac8d0912c540825a1cdc93735fdfac2d337f9870f039d3a9f3268d425ecfe43d
-
SSDEEP
49152:lgp487dyk6b9DjuFjZ6Op/GoPdey3TuJeBk0GhlHGy:lga+dyvb9DjuFPuoPdey3SJkk0QQ
-
Lumma family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-