General
-
Target
05df9dc444da569ef767e07fc19727d8cb7ad83c33dfd7d71ad090c804722253.exe
-
Size
1.8MB
-
Sample
241127-qxqhsasjfq
-
MD5
e2043f7a00a88c44b35c924f530b928a
-
SHA1
f8559497944bb0f644dfe77ae878457e4ab035d3
-
SHA256
05df9dc444da569ef767e07fc19727d8cb7ad83c33dfd7d71ad090c804722253
-
SHA512
09643866086eb1e3faedd57ab4b487487027cd0d7633dd542aa4d61a14c412ce3d82468b53008054c6869457133b5645b4cf8929e4ed3c3ddf13cc8bade808ff
-
SSDEEP
49152:xT3lwSFTimRSZaudtHu/tGsniVIcW+hn7:ZLTimsFzJlE2
Static task
static1
Behavioral task
behavioral1
Sample
05df9dc444da569ef767e07fc19727d8cb7ad83c33dfd7d71ad090c804722253.exe
Resource
win7-20240903-en
Malware Config
Extracted
lumma
https://crib-endanger.sbs
https://faintbl0w.sbs
https://300snails.sbs
https://bored-light.sbs
https://3xc1aimbl0w.sbs
https://pull-trucker.sbs
https://fleez-inc.sbs
https://thicktoys.sbs
https://frogmen-smell.sbs
Extracted
lumma
https://frogmen-smell.sbs/api
Targets
-
-
Target
05df9dc444da569ef767e07fc19727d8cb7ad83c33dfd7d71ad090c804722253.exe
-
Size
1.8MB
-
MD5
e2043f7a00a88c44b35c924f530b928a
-
SHA1
f8559497944bb0f644dfe77ae878457e4ab035d3
-
SHA256
05df9dc444da569ef767e07fc19727d8cb7ad83c33dfd7d71ad090c804722253
-
SHA512
09643866086eb1e3faedd57ab4b487487027cd0d7633dd542aa4d61a14c412ce3d82468b53008054c6869457133b5645b4cf8929e4ed3c3ddf13cc8bade808ff
-
SSDEEP
49152:xT3lwSFTimRSZaudtHu/tGsniVIcW+hn7:ZLTimsFzJlE2
-
Lumma family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-