General
-
Target
file.exe
-
Size
1.8MB
-
Sample
241127-clkaqsxrgn
-
MD5
4d590c2e2723f4ddad39983cfcd016e0
-
SHA1
7820b528b791f5bc0a6f648e1abcdcf153d0584d
-
SHA256
f2c1208026df174002f01a627d04e9dedc0722b40736fadaea5573dcb1dd7ad4
-
SHA512
920ca5ced1d710acdae75f3fa643355ebf99c4d107a8afce30e4c7377e5b7a230a8a49d978ffdb84d706adb37045028b9f005f354b3a9362e1a5bdc711b31eb2
-
SSDEEP
49152:IJxkPRAf149Icr7tnL9/e71pI9R0Y6eQ:IJxg/OQ1expcH6
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20241010-en
Malware Config
Extracted
lumma
https://powerful-avoids.sbs
https://motion-treesz.sbs
https://disobey-curly.sbs
https://leg-sate-boat.sbs
https://story-tense-faz.sbs
https://blade-govern.sbs
https://occupy-blushi.sbs
https://frogs-severz.sbs
https://property-imper.sbs
Extracted
lumma
https://blade-govern.sbs/api
https://story-tense-faz.sbs/api
Targets
-
-
Target
file.exe
-
Size
1.8MB
-
MD5
4d590c2e2723f4ddad39983cfcd016e0
-
SHA1
7820b528b791f5bc0a6f648e1abcdcf153d0584d
-
SHA256
f2c1208026df174002f01a627d04e9dedc0722b40736fadaea5573dcb1dd7ad4
-
SHA512
920ca5ced1d710acdae75f3fa643355ebf99c4d107a8afce30e4c7377e5b7a230a8a49d978ffdb84d706adb37045028b9f005f354b3a9362e1a5bdc711b31eb2
-
SSDEEP
49152:IJxkPRAf149Icr7tnL9/e71pI9R0Y6eQ:IJxg/OQ1expcH6
-
Lumma family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-