Extracted

• • Target

    9a2d0a1315586560e820fe284fcdd06be407fe77b4381cb313dce462cd764dd1

  • Size

    3.4MB

  • MD5

    a56373128a6575f8f90e0c8e54d50643

  • SHA1

    3c14dbc79a99b69f8dfbfa129e59cb92eb4ac869

  • SHA256

    9a2d0a1315586560e820fe284fcdd06be407fe77b4381cb313dce462cd764dd1

  • SHA512

    7601c98478a8974a40b2c1c9ae7cc5afbf4b8d079cd8a726a187396a7d52f1b482757e4dcb08aa6b7636d5922f083997187dc4e35e4673708c3e8553ba9b18f8

  • SSDEEP

    98304:OEMzumbgVmkJQVgM/0LyAkUkWL5tEgq4B0YNLlTvfxi0u:rexktQ//0mUkik4bdvfxE

  Score

  10^/10

  lummadiscoveryevasionstealertrojan

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma

  • Lumma family

    lumma

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Checks whether UAC is enabled

    evasiontrojan

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2