Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

Sigmanly_1...c8.exe

windows7-x64

10

Sigmanly_1...c8.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Sigmanly_1ad8785caeb519b67ea168477437d8166d9747196a46d22313f48eb4ab86fec8

  • Size

    5.9MB

  • Sample

    250106-q6esmszqdn

  • MD5

    a99adad8a9f9f1d9dcce30c42dd4be3a

  • SHA1

    62a01c957ca7d637a1d8090475c4ef2843100bb8

  • SHA256

    1ad8785caeb519b67ea168477437d8166d9747196a46d22313f48eb4ab86fec8

  • SHA512

    ef4d785015f24cdf4339e9ab0ce8f824456e3b60d9d605fedaeec2403797b4490949bebb248cc076d1fa3d031f82eb86d517bc1cdb4e009e413433d84a29b20c

  • SSDEEP

    98304:Xez8a1mzYrkxZ8VYKOwErakov9RUxHJTjrhrpLpMOz8C+kj36YtKonKG6Lq7zzYf:Xez12Yo38VLEraBA3nhLMOJ+I3NtKonr

Score
10/10
lummadiscoveryevasionstealer

Malware Config

Extracted

Family

lumma

Targets

    • Target

      Sigmanly_1ad8785caeb519b67ea168477437d8166d9747196a46d22313f48eb4ab86fec8

    • Size

      5.9MB

    • MD5

      a99adad8a9f9f1d9dcce30c42dd4be3a

    • SHA1

      62a01c957ca7d637a1d8090475c4ef2843100bb8

    • SHA256

      1ad8785caeb519b67ea168477437d8166d9747196a46d22313f48eb4ab86fec8

    • SHA512

      ef4d785015f24cdf4339e9ab0ce8f824456e3b60d9d605fedaeec2403797b4490949bebb248cc076d1fa3d031f82eb86d517bc1cdb4e009e413433d84a29b20c

    • SSDEEP

      98304:Xez8a1mzYrkxZ8VYKOwErakov9RUxHJTjrhrpLpMOz8C+kj36YtKonKG6Lq7zzYf:Xez12Yo38VLEraBA3nhLMOJ+I3NtKonr

    Score
    10/10
    lummadiscoveryevasionstealer

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

      stealerlumma

    • Lumma family

      lumma

    • Enumerates VirtualBox registry keys

      evasion

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks