General
-
Target
686c2705e22fc7bafa4b72f9186647d6a87e2f8bf48284f68c42c5efbf315adc.exe
-
Size
1.8MB
-
Sample
241127-c48q2sspas
-
MD5
b74b5b7cc002895b1f65f88925f0d242
-
SHA1
5e684ea9fc6f977ad8299f4585e4622bb4aec175
-
SHA256
686c2705e22fc7bafa4b72f9186647d6a87e2f8bf48284f68c42c5efbf315adc
-
SHA512
7d450eb04fd5ece2c7ae9c17428c51316df5791e67a24ca05011745cb680a8f2a5b48f317f439059f2277c4a81fee7bc6db7f82a9f28231a02abf2ee7101f5ed
-
SSDEEP
49152:LwAPTbvGkIyzS5k+dFDGZ0fN0j/PX4fFwFbECY/hQFB:ZPTjGktzS5pGOl0TwSbw0B
Static task
static1
Behavioral task
behavioral1
Sample
686c2705e22fc7bafa4b72f9186647d6a87e2f8bf48284f68c42c5efbf315adc.exe
Resource
win7-20241023-en
Malware Config
Extracted
lumma
https://powerful-avoids.sbs
https://motion-treesz.sbs
https://disobey-curly.sbs
https://leg-sate-boat.sbs
https://story-tense-faz.sbs
https://blade-govern.sbs
https://occupy-blushi.sbs
https://frogs-severz.sbs
https://property-imper.sbs
Extracted
lumma
https://blade-govern.sbs/api
https://story-tense-faz.sbs/api
Targets
-
-
Target
686c2705e22fc7bafa4b72f9186647d6a87e2f8bf48284f68c42c5efbf315adc.exe
-
Size
1.8MB
-
MD5
b74b5b7cc002895b1f65f88925f0d242
-
SHA1
5e684ea9fc6f977ad8299f4585e4622bb4aec175
-
SHA256
686c2705e22fc7bafa4b72f9186647d6a87e2f8bf48284f68c42c5efbf315adc
-
SHA512
7d450eb04fd5ece2c7ae9c17428c51316df5791e67a24ca05011745cb680a8f2a5b48f317f439059f2277c4a81fee7bc6db7f82a9f28231a02abf2ee7101f5ed
-
SSDEEP
49152:LwAPTbvGkIyzS5k+dFDGZ0fN0j/PX4fFwFbECY/hQFB:ZPTjGktzS5pGOl0TwSbw0B
-
Lumma family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-