General
-
Target
c6cfa1529c033adf2f0421eedb2a0a7b86d1cb6dad292867f6370ee70dbfe3df.exe
-
Size
1.8MB
-
Sample
241127-dh8dtszrak
-
MD5
d829b60152d0804b14b3382fb876407c
-
SHA1
b5cca5dad922ff24667e2aa4aa22c70ad5e5bf8c
-
SHA256
c6cfa1529c033adf2f0421eedb2a0a7b86d1cb6dad292867f6370ee70dbfe3df
-
SHA512
2c2a9ab3027c9035b22ab5a98f53ae5318a25b2f6ed1e77699c334d8775f81a92e3af1266528acf64d872c8654a0b4361030c74ebc8fc1811a76a6f04821c4e4
-
SSDEEP
49152:Njrh7fH42+2e2HAvWD9lgC8x2zUrksXFrR:NZjXUgFDPgCdzeH
Static task
static1
Behavioral task
behavioral1
Sample
c6cfa1529c033adf2f0421eedb2a0a7b86d1cb6dad292867f6370ee70dbfe3df.exe
Resource
win7-20241010-en
Malware Config
Extracted
lumma
https://powerful-avoids.sbs
https://motion-treesz.sbs
https://disobey-curly.sbs
https://leg-sate-boat.sbs
https://story-tense-faz.sbs
https://blade-govern.sbs
https://occupy-blushi.sbs
https://frogs-severz.sbs
https://property-imper.sbs
Extracted
lumma
https://blade-govern.sbs/api
https://story-tense-faz.sbs/api
Targets
-
-
Target
c6cfa1529c033adf2f0421eedb2a0a7b86d1cb6dad292867f6370ee70dbfe3df.exe
-
Size
1.8MB
-
MD5
d829b60152d0804b14b3382fb876407c
-
SHA1
b5cca5dad922ff24667e2aa4aa22c70ad5e5bf8c
-
SHA256
c6cfa1529c033adf2f0421eedb2a0a7b86d1cb6dad292867f6370ee70dbfe3df
-
SHA512
2c2a9ab3027c9035b22ab5a98f53ae5318a25b2f6ed1e77699c334d8775f81a92e3af1266528acf64d872c8654a0b4361030c74ebc8fc1811a76a6f04821c4e4
-
SSDEEP
49152:Njrh7fH42+2e2HAvWD9lgC8x2zUrksXFrR:NZjXUgFDPgCdzeH
-
Lumma family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-