Extracted

• • Target

    file.exe

  • Size

    1.8MB

  • MD5

    7dab2228e99fe5f21b3ad8b9def25551

  • SHA1

    9a52915c11eec7a10c186182f6e802df11f24cd6

  • SHA256

    303e18730050b2e5c1eb01fc50eaa8fb78b95f09b5d5d83b09afe48cf13230c0

  • SHA512

    38e7babae63a05ce3b1bce80c97cb1a84b9021086520c59857b3c6c743fca3104e2ba8546a68b67f96eb744e5131fbdec6a388929788eadf1b4a7a52ac7fe2f4

  • SSDEEP

    49152:4p9iIcdNF9+SbE9hYxfzhd2/2UqeQBtMItLr:4u/dD9+q6Yxfzhd2bqT5

  Score

  10^/10

  lummadiscoveryevasionstealer

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2