Extracted

• • Target

    Setup.exe

  • Size

    15.1MB

  • MD5

    679e3f0e646a1a26b3264d08f398b228

  • SHA1

    feedf0799a22cdfb393960a2b8edc06b35019664

  • SHA256

    3e79d4e30a37e43e13033008ca5bfe51b54e12d24c8dbba76da259d26789b9f1

  • SHA512

    46038281c1c73ba9a0265db68a4be35fee3fb640d95c04407424a9cd7bc97013ca5b40ae546f7e25dc77c9d047ee9d4fea98d54e1c7a44977f204623543af99f

  • SSDEEP

    393216:A8+b3itt/k6pMm/aGib3gQuq6C2CT9U3TC6dRR8H0ZH3P:qS9CmqzTGunIH3P

  Score

  10^/10

  banloadlummadownloaderdropperevasionpersistencestealertrojan

  • Banload

    Banload variants download malicious files, then install and execute the files.

    trojandropperdownloaderbanload

  • Lumma Stealer

    An infostealer written in C++ first seen in August 2022.

    stealerlumma

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Registers COM server for autorun

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2