General
- Target: eae4aa0f083a86a6b40dd4d5451129411f549fd9f736737b9364450ad4fb3690.bin
- Size: 1.8MB
- Sample: 250630-thjcpssry2
- MD5: 517735da69f918bddeab9f1aadf47c42
- SHA1: bc76a04f3efd8da6c77d6488b6a28e8f2ee8d187
- SHA256: eae4aa0f083a86a6b40dd4d5451129411f549fd9f736737b9364450ad4fb3690
- SHA512: eb8854a683df0c4682ca7cf242a24e0cc879c31a298d73758e6c5a1f1e4ce23ec5bb81e0cbdb238469e439adc8dc9acc0e717bade64701eb94622c5e137626cf
- SSDEEP: 49152:0BhZW92dD1yMr/e0gcIXNPcDVcpFHVwLOM+JjFWbyKJ3:8ZNr/OmDVcpF3Wua3
Static task
- static1
Behavioral task
- behavioral1: Sample eae4aa0f083a86a6b40dd4d5451129411f549fd9f736737b9364450ad4fb3690.exe, Resource win10v2004-20250610-en
Behavioral task
- behavioral2: Sample eae4aa0f083a86a6b40dd4d5451129411f549fd9f736737b9364450ad4fb3690.exe, Resource win11-20250610-en
Malware Config
Extracted
- Family: lumma
- build_id: 390bea80c680e8ad8f5a7491c21e9997d7df1956cb
Targets
- Target: eae4aa0f083a86a6b40dd4d5451129411f549fd9f736737b9364450ad4fb3690.bin
- Score: 10/10
- Lumma family
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v16
Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (3)
  - Credentials In Files (3)