General
-
Target
e3e467f3cbb8bc4f9d3f36a7a07f508ee6d9f8e73393882a30d42a5be983cb60N.exe
-
Size
2.9MB
-
Sample
250104-3r2ebavrbr
-
MD5
0c317f381e79d53cf9cdfce0497448c0
-
SHA1
17540fe62c058e8416510a7be74019d13dc6be87
-
SHA256
e3e467f3cbb8bc4f9d3f36a7a07f508ee6d9f8e73393882a30d42a5be983cb60
-
SHA512
6ff084530d21f4201115386207f130dcca410489b564c008ed4b623cab2d7c5854b5808ec059c76e1c0f80ec14cae6fa167847700d963c76656463873fdd5341
-
SSDEEP
49152:coHqwET4/fRtf8AlB69efeIJOUJWwipxXiW5acAPKe/P6qIy2TW:IzT4nRtf8AX69efeIN4wipxXPy5IyaW
Static task
static1
Behavioral task
behavioral1
Sample
e3e467f3cbb8bc4f9d3f36a7a07f508ee6d9f8e73393882a30d42a5be983cb60N.exe
Resource
win7-20240903-en
Malware Config
Extracted
lumma
https://cloudewahsj.shop/api
https://rabidcowse.shop/api
https://noisycuttej.shop/api
https://tirepublicerj.shop/api
https://framekgirus.shop/api
https://wholersorie.shop/api
https://abruptyopsn.shop/api
https://nearycrepso.shop/api
https://fancywaxxers.shop/api
Extracted
lumma
https://fancywaxxers.shop/api
https://abruptyopsn.shop/api
https://wholersorie.shop/api
https://framekgirus.shop/api
https://tirepublicerj.shop/api
https://noisycuttej.shop/api
https://rabidcowse.shop/api
https://cloudewahsj.shop/api
Targets
-
-
Target
e3e467f3cbb8bc4f9d3f36a7a07f508ee6d9f8e73393882a30d42a5be983cb60N.exe
-
Size
2.9MB
-
MD5
0c317f381e79d53cf9cdfce0497448c0
-
SHA1
17540fe62c058e8416510a7be74019d13dc6be87
-
SHA256
e3e467f3cbb8bc4f9d3f36a7a07f508ee6d9f8e73393882a30d42a5be983cb60
-
SHA512
6ff084530d21f4201115386207f130dcca410489b564c008ed4b623cab2d7c5854b5808ec059c76e1c0f80ec14cae6fa167847700d963c76656463873fdd5341
-
SSDEEP
49152:coHqwET4/fRtf8AlB69efeIJOUJWwipxXiW5acAPKe/P6qIy2TW:IzT4nRtf8AX69efeIN4wipxXPy5IyaW
-
Lumma family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
1Subvert Trust Controls
1Install Root Certificate
1Virtualization/Sandbox Evasion
2