Analysis

  • max time kernel
    108s
  • max time network
    109s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250619-en
  • resource tags

    arch:x64, arch:x86, image:win11-20250619-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    30/06/2025, 18:06

General

  • Target

    random.exe

  • Size

    1.8MB

  • MD5

    fc2baaa895b41c1ae7dd3a48c39d3f0e

  • SHA1

    309b007589c7668fb953751791982163b74acea2

  • SHA256

    f0e261b72e77b25d687144f96606809f6ec6fedad389cc33a3f887aa6326ed41

  • SHA512

    8c7fda4a29139dc5ddf3ddac7ee98c19f598e08e2665352adc0e557c4dd7f10d24cbc2b73adbb54766ebe667cb4713d0913c77b227865c71533cdfa2789c20f6

  • SSDEEP

    49152:7MiBGyKfSTNANjzKiOW8+51jzFFdy8we2:hn1oRVFdrM

Malware Config

Extracted

Family

lumma

C2


Attributes
  • build_id

    f6451c24492e9cd8096536b4d570d2ac9bce77fadf

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\random.exe
    "C:\Users\Admin\AppData\Local\Temp\random.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Identifies Wine through registry keys
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2432

Network

        MITRE ATT&CK Enterprise v16


  Downloads

  • memory/2432-0-0x0000000000490000-0x000000000093B000-memory.dmp
    Filesize: 4.7MB
  • memory/2432-1-0x0000000005020000-0x0000000005021000-memory.dmp
    Filesize: 4KB
  • memory/2432-5-0x0000000005040000-0x0000000005041000-memory.dmp
    Filesize: 4KB
  • memory/2432-4-0x0000000005060000-0x0000000005061000-memory.dmp
    Filesize: 4KB
  • memory/2432-7-0x0000000005030000-0x0000000005031000-memory.dmp
    Filesize: 4KB
  • memory/2432-6-0x0000000005050000-0x0000000005051000-memory.dmp
    Filesize: 4KB
  • memory/2432-8-0x0000000000490000-0x000000000093B000-memory.dmp
    Filesize: 4.7MB
  • memory/2432-9-0x0000000005070000-0x0000000005071000-memory.dmp
    Filesize: 4KB
  • memory/2432-10-0x0000000000490000-0x000000000093B000-memory.dmp
    Filesize: 4.7MB