Extracted

• • Target

    file.exe

  • Size

    1.7MB

  • MD5

    8dfd8eaae0a25d346fb3ef5a083a4f4e

  • SHA1

    84004ef179f88b7a8ecd971728c495b9f0c88dae

  • SHA256

    2154b74f5f555aafda6ec664348b9a563d22c224173c904e329ff1417a39b0d9

  • SHA512

    30940a87c2fd2191035bcbfcc22aafc8c773bfadfdde2e075fb99a22fa9ee1a99fda39c079db83937306e5c536005ae1aceb3c79fb8b50ac248493b475c973a6

  • SSDEEP

    49152:/IhFbBhII1RgZArcGFuu5+KgnT0cxW8ZKXC:/Yb/ImRgyAi+Yc

  Score

  10^/10

  lummadiscoveryevasionstealer

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma

  • Lumma family

    lumma

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2