General

  • Target

    file.exe

  • Size

    2.8MB

  • Sample

    241018-n7g82sybrl

  • MD5

    8ef2306f9acfefba1cb29b83e6c1d52d

  • SHA1

    9e20ad60c4133c2b3f6ab43a6276ca1ef52a4a56

  • SHA256

    64f31958b14feaf71969133ab324d9954cb0b94fefa190a277f4d75fbb0818f6

  • SHA512

    e7d2bfbf22d1a8a7322e0260b8dbeed25295a61c772f6e7cdfc7a0f2d6b1eb8f9b739d7002a6e1fe1aa30e86f7d1fbfa2aba20a84705b2458149c0937730ae48

  • SSDEEP

    49152:6ny2gye18qD/7A3LwN092TxDH7nBSZHJC0SEd:F2gye18+/7AsN092TxHnBUC0b

Malware Config

Extracted

Family

lumma

C2

Targets

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++, first seen in August 2022.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks