Extracted

• • Target

    a173c2835f93b4d3594d8a83d780ab835174dec692119e4f104e0c810ae07541.exe

  • Size

    2.9MB

  • MD5

    a824d2fa75fbab0a5146eb2364dcb6e7

  • SHA1

    d3b9040111e71d9bc45bcc1e4b737c8e57b79c88

  • SHA256

    a173c2835f93b4d3594d8a83d780ab835174dec692119e4f104e0c810ae07541

  • SHA512

    8554bb9b5b6940a32af40683daf39b32197a19dcb8fcc0b999269b7209d236cd1e36483ca40acc4d514e9dbce31f22e3902bd9a181f6708451633d74ba27daa1

  • SSDEEP

    49152:yE516ovhm6rXMVaqdgjlEQoTEEVnaCqBmX/zHTg:+ovhpAaqdgjlEQoTEEVatBmvH

  Score

  10^/10

  lummadiscoveryevasionstealer

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2