Extracted

Extracted

• • Target

    0aaf66f5831370bd7320db9fafe43bd25bbfecb770c1a7f669e0e2b0da83c776N

  • Size

    3.8MB

  • MD5

    d61bef6dd828b3b6cb5abbb7a79063c0

  • SHA1

    a3843a2192c7dbf513d4af50f8734bfb573ba019

  • SHA256

    0aaf66f5831370bd7320db9fafe43bd25bbfecb770c1a7f669e0e2b0da83c776

  • SHA512

    99cec1bf87bbddbf252f92137ed3e7ff74921324966fff6c21939b377ba132d8f40533c9700640e3b55eb36c13bdbece9d5c104706fc62b43a4b5707ecea6356

  • SSDEEP

    98304:a17iukepVxrgvJHsmP8tzGLOxKURUyUYlTCyo3V9:+7i4xIHsA8NGLOhqslu13V

  Score

  10^/10

  lummastealctalediscoveryevasionpersistencestealer

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma

  • Lumma family

    lumma

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Executes dropped EXE

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Adds Run key to start application

    persistence

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1