General
- Target: 0a176414492da39e5927f9cd937a8fbbdae92201aa27f3a46e1402b4e3525edb
- Size: 2.8MB
- Sample: 241121-zz4ymaslgk
- MD5: e698918d7efbab1f43d5285a6180d9e6
- SHA1: a36bdce51a0ba9900a3efbb48a1b95e94f9a715e
- SHA256: 0a176414492da39e5927f9cd937a8fbbdae92201aa27f3a46e1402b4e3525edb
- SHA512: 486f4cd2e661b5a211c45f24ac1ace50590e2dcae264671d56d2e25e05665fbd6fc09598c05e64fc7799dfc30c6e8fb643f87eb504b2f242a0b3ae0be736a630
- SSDEEP: 49152:ZiFcIzbTJltcAofaRMPcdHEJjQCb+uWGDIUIJTEMzXvy:ZieIzbVltcAKaRMEdkJQCb3IUIJT/
Static task: static1
Behavioral task: behavioral1
Sample: 0a176414492da39e5927f9cd937a8fbbdae92201aa27f3a46e1402b4e3525edb.exe
Resource: win7-20241010-en
Malware Config
Extracted family: lumma
C2 URLs:
- https://scriptyprefej.store
- https://navygenerayk.store
- https://founpiuer.store
- https://necklacedmny.store
- https://thumbystriw.store
- https://fadehairucw.store
- https://crisiwarny.store
- https://presticitpo.store
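The extracted C2 list is the most directly actionable part of this report. The script below is an added example, not code from the sandbox report or from the Lumma sample: it normalises the eight config URLs to hostnames and runs them against a DNS query log. The Zeek-style log lines inside it are constructed for the demo. The one design point worth noting is the subdomain-aware match: a bare suffix check would also flag unrelated names that merely end in the same string, so the comparison requires either an exact host or a dot-separated subdomain.

```python
"""Turn the Lumma C2 list extracted above into a DNS hunting check.

Added example, not part of the sandbox report. The C2 URLs are the ones the
report lists; the DNS log excerpt is constructed for the demo.
"""
from urllib.parse import urlsplit

# C2 URLs as extracted from this sample's Lumma config (copied from the report).
LUMMA_C2_URLS = [
    "https://scriptyprefej.store",
    "https://navygenerayk.store",
    "https://founpiuer.store",
    "https://necklacedmny.store",
    "https://thumbystriw.store",
    "https://fadehairucw.store",
    "https://crisiwarny.store",
    "https://presticitpo.store",
]


def c2_hosts(urls):
    """Normalise config URLs to lowercase hostnames (scheme, port and path dropped)."""
    hosts = set()
    for url in urls:
        host = urlsplit(url).hostname
        if host:
            hosts.add(host.lower().rstrip("."))
    return hosts


def matches_c2(query, hosts):
    """True if the queried name is a C2 host or a subdomain of one.

    The '.' prefix on the suffix check matters: 'notfadehairucw.store' must not
    match 'fadehairucw.store', which a plain endswith() would allow.
    """
    name = query.lower().rstrip(".")
    return any(name == h or name.endswith("." + h) for h in hosts)


# Constructed Zeek-style dns.log excerpt (tab-separated: ts, client, query).
# Not real traffic; two of the four lines should hit.
SAMPLE_DNS_LOG = """\
1732200001.123\t10.0.0.15\tscriptyprefej.store
1732200002.456\t10.0.0.15\tupdate.microsoft.com
1732200003.789\t10.0.0.22\twww.presticitpo.store
1732200004.001\t10.0.0.22\tnotfadehairucw.store
"""


def hunt(log_text, urls=LUMMA_C2_URLS):
    """Return (client, query) pairs whose query names a Lumma C2 host."""
    hosts = c2_hosts(urls)
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, client, query = line.split("\t")
        if matches_c2(query, hosts):
            hits.append((client, query))
    return hits


if __name__ == "__main__":
    for client, query in hunt(SAMPLE_DNS_LOG):
        print(f"{client} queried Lumma C2 host {query}")
```

Run it as a script to print the two hits; in practice replace `SAMPLE_DNS_LOG` with your resolver or Zeek dns.log export, keeping the same three columns.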
Targets
- Target: 0a176414492da39e5927f9cd937a8fbbdae92201aa27f3a46e1402b4e3525edb (2.8MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Signatures
- Lumma family: the sample matched the Lumma stealer family, consistent with the extracted config above.
- Identifies VirtualBox via ACPI registry values (likely anti-VM).
- Checks BIOS information in registry: the BIOS vendor and version strings stored in the registry usually name the hypervisor, so malware reads them to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer that runs Windows applications on other systems, and some sandboxes use it as the execution environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger: calling NtSetInformationThread with the ThreadHideFromDebugger information class stops the thread from delivering debug events to an attached debugger (anti-debug).
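To turn the three registry-based evasion signatures above into a host-side detection, here is an added example that is not code from the report, from the sandbox vendor, or from the sample. It classifies registry reads against the well-known key locations these checks use (VirtualBox ACPI tables under HARDWARE\ACPI, BIOS strings under HARDWARE\DESCRIPTION\System, the Software\Wine key) and flags a process only when it touches two or more categories, since a lone BIOS read is common in legitimate installers. The key paths are an assumption: the report names the checks but not the exact keys this sample read. The events are constructed, in a simplified shape loosely modelled on Sysmon event 12/13 fields.

```python
"""Flag processes whose registry reads match the anti-VM / anti-sandbox checks
the report lists (VirtualBox ACPI tables, BIOS strings, Wine keys).

Added example, not part of the sandbox report. The report names the checks but
not the exact keys this sample read, so the key paths below are the well-known
locations such checks use (an assumption), and the events are constructed.
"""
import re
from collections import defaultdict

SAMPLE_IMAGE = "0a176414492da39e5927f9cd937a8fbbdae92201aa27f3a46e1402b4e3525edb.exe"

# Patterns are hive-agnostic on purpose so they match both the short (HKLM) and
# long (HKEY_LOCAL_MACHINE) spellings that different log sources emit.
ANTI_ANALYSIS_PATTERNS = [
    # VirtualBox stamps its OEM ID into the ACPI tables mirrored under HARDWARE\ACPI.
    ("virtualbox_acpi", re.compile(r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)),
    # BIOS vendor/version strings name the hypervisor (VirtualBox, VMware, QEMU ...).
    ("bios_info", re.compile(
        r"\\HARDWARE\\DESCRIPTION\\System(\\BIOS)?\\"
        r"(SystemBiosVersion|VideoBiosVersion|SystemBiosDate|BIOSVendor)$", re.I)),
    # The Software\Wine key only exists when running under Wine.
    ("wine", re.compile(r"\\SOFTWARE\\Wine(\\|$)", re.I)),
]


def classify(registry_path):
    """Return the anti-analysis category a key/value path falls into, or None."""
    path = registry_path.replace("/", "\\")
    for name, pattern in ANTI_ANALYSIS_PATTERNS:
        if pattern.search(path):
            return name
    return None


def evasion_verdict(events, min_categories=2):
    """Group hits per process and flag those touching >= min_categories distinct
    categories. A single BIOS read is common in legitimate software; the
    threshold (an illustrative choice) keeps such one-offs from firing."""
    hits = defaultdict(set)
    for pid, image, _operation, path in events:
        category = classify(path)
        if category:
            hits[(pid, image)].add(category)
    return {proc: sorted(cats) for proc, cats in hits.items() if len(cats) >= min_categories}


# Constructed registry-access events in a simplified (pid, image, op, path) shape,
# modelled loosely on Sysmon event 12/13 fields. Not real telemetry.
SAMPLE_EVENTS = [
    (4120, SAMPLE_IMAGE, "RegQueryValue", r"HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__"),
    (4120, SAMPLE_IMAGE, "RegQueryValue", r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion"),
    (4120, SAMPLE_IMAGE, "RegOpenKey", r"HKCU\Software\Wine"),
    (880, "explorer.exe", "RegQueryValue", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"),
    # One benign BIOS read: stays below the threshold and is not flagged.
    (2200, "msiexec.exe", "RegQueryValue", r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion"),
]


if __name__ == "__main__":
    for (pid, image), categories in evasion_verdict(SAMPLE_EVENTS).items():
        print(f"pid {pid} ({image}): {', '.join(categories)}")
```

Run as a script it prints only the sample's process with all three categories. Feed it registry key paths from your EDR or Sysmon telemetry in the same tuple shape; the patterns are also the natural seed for an equivalent Sigma or EDR query if you prefer to detect at the sensor.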
MITRE ATT&CK Enterprise v15
Defense Evasion (TA0005)
- Modify Registry (T1112): 1
- Subvert Trust Controls (T1553): 1
- Install Root Certificate (T1553.004): 1
- Virtualization/Sandbox Evasion (T1497): 2