Overview

overview

10

Static

static

3

1463b4f295...2e.exe

windows10-2004-x64

10

1463b4f295...2e.exe

windows11-21h2-x64

10

Resubmissions

07-01-2025 22:52

250107-2tf1qavjfk 10

06-01-2025 20:38

250106-ze36layrar 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1463b4f295186260be7b70898e81f673926a7eea22cc4ca340ec3464b36f022e

  • Size

    3.1MB

  • Sample

    250107-2tf1qavjfk

  • MD5

    2f926994dcd9945ffed390e302aa8cbb

  • SHA1

    4a8b9df036ad770333df6223dfd6c81d37a246b7

  • SHA256

    1463b4f295186260be7b70898e81f673926a7eea22cc4ca340ec3464b36f022e

  • SHA512

    ee3d8b225f1f176e6f05c538f4d04072780ebaa6e7c80faa69d7f3d101898ac3ac03c83148047de07b1b98511e992b8be44f8f47b28d1010a4447516ace1714c

  • SSDEEP

    49152:RNzrSSSSSSSSSS0SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSkSSSVSa:RYzIZPRM55EgyoscaZ42ee1lN8

Score
10/10
lummasalitybackdoordiscoveryevasionstealertrojanupx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Extracted

Family

lumma

C2

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

https://fancywaxxers.shop/api

Targets

    • Target

      1463b4f295186260be7b70898e81f673926a7eea22cc4ca340ec3464b36f022e

    • Size

      3.1MB

    • MD5

      2f926994dcd9945ffed390e302aa8cbb

    • SHA1

      4a8b9df036ad770333df6223dfd6c81d37a246b7

    • SHA256

      1463b4f295186260be7b70898e81f673926a7eea22cc4ca340ec3464b36f022e

    • SHA512

      ee3d8b225f1f176e6f05c538f4d04072780ebaa6e7c80faa69d7f3d101898ac3ac03c83148047de07b1b98511e992b8be44f8f47b28d1010a4447516ace1714c

    • SSDEEP

      49152:RNzrSSSSSSSSSS0SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSkSSSVSa:RYzIZPRM55EgyoscaZ42ee1lN8

    Score
    10/10
    lummasalitybackdoordiscoveryevasionstealerupxtrojan

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

      stealerlumma

    • Lumma family

      lumma

    • Modifies firewall policy service

      evasion

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

      backdoorsality

    • Sality family

      sality

    • UAC bypass

      evasiontrojan

    • Windows security bypass

      evasiontrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Windows security modification

      evasiontrojan

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Privilege Escalation

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Defense Evasion

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Impair Defenses

4
T1562

Disable or Modify System Firewall

1
T1562.004

Disable or Modify Tools

3
T1562.001

Modify Registry

5
T1112

Virtualization/Sandbox Evasion

2
T1497

Credential Access

Discovery

Query Registry

3
T1012

System Information Discovery

2
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Virtualization/Sandbox Evasion

2
T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks