General

  • Target

    aa6a1653fb3f3306c28456c7ff359a6f790df05d21e3befb7f08878495e6239fN.exe

  • Size

    1.8MB

  • Sample

    250108-j5jxms1phv

  • MD5

    b660f6eea67dd79fc8c91c6a6b6349c0

  • SHA1

    8584bdc3288b169020056c32ac01d1d50a1246c8

  • SHA256

    aa6a1653fb3f3306c28456c7ff359a6f790df05d21e3befb7f08878495e6239f

  • SHA512

    98107ffb556be668ec49d010adb1a3a3287fff6c2cd0c287bbc5d4c857bcbf56474363344386a77925278fbbe01d6e5d2bbf4a7f26febc72527b6d3dbd73838f

  • SSDEEP

    49152:dGbpaBIua5mOjJACFHA2sRgHmU+ZXBVsmBbG:4xTokACVsTemg

Malware Config

Extracted

Family

lumma

C2

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

https://fancywaxxers.shop/api

Targets

    • Target

      aa6a1653fb3f3306c28456c7ff359a6f790df05d21e3befb7f08878495e6239fN.exe

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Lumma family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
