General

  • Target

    Sigmanly_1ad8785caeb519b67ea168477437d8166d9747196a46d22313f48eb4ab86fec8

  • Size

    5.9MB

  • Sample

    250106-q6esmszqdn

  • MD5

    a99adad8a9f9f1d9dcce30c42dd4be3a

  • SHA1

    62a01c957ca7d637a1d8090475c4ef2843100bb8

  • SHA256

    1ad8785caeb519b67ea168477437d8166d9747196a46d22313f48eb4ab86fec8

  • SHA512

    ef4d785015f24cdf4339e9ab0ce8f824456e3b60d9d605fedaeec2403797b4490949bebb248cc076d1fa3d031f82eb86d517bc1cdb4e009e413433d84a29b20c

  • SSDEEP

    98304:Xez8a1mzYrkxZ8VYKOwErakov9RUxHJTjrhrpLpMOz8C+kj36YtKonKG6Lq7zzYf:Xez12Yo38VLEraBA3nhLMOJ+I3NtKonr

Malware Config

Extracted

Family

lumma

Targets

    • Target

      Sigmanly_1ad8785caeb519b67ea168477437d8166d9747196a46d22313f48eb4ab86fec8

    • Size

      5.9MB

    • MD5

      a99adad8a9f9f1d9dcce30c42dd4be3a

    • SHA1

      62a01c957ca7d637a1d8090475c4ef2843100bb8

    • SHA256

      1ad8785caeb519b67ea168477437d8166d9747196a46d22313f48eb4ab86fec8

    • SHA512

      ef4d785015f24cdf4339e9ab0ce8f824456e3b60d9d605fedaeec2403797b4490949bebb248cc076d1fa3d031f82eb86d517bc1cdb4e009e413433d84a29b20c

    • SSDEEP

      98304:Xez8a1mzYrkxZ8VYKOwErakov9RUxHJTjrhrpLpMOz8C+kj36YtKonKG6Lq7zzYf:Xez12Yo38VLEraBA3nhLMOJ+I3NtKonr

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Lumma family

    • Enumerates VirtualBox registry keys

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
