Extracted

• • Target

    58c65511c40a07d817ef8d74532c4f1a0e0d1c2578470e87a5cc994f5ce2c9b9.exe

  • Size

    1.8MB

  • MD5

    88fa38a5662271142ae40072df1c4d66

  • SHA1

    fc66b9f0e085942e91e417c892e2951393c71de7

  • SHA256

    58c65511c40a07d817ef8d74532c4f1a0e0d1c2578470e87a5cc994f5ce2c9b9

  • SHA512

    3e6c672891c619dd78bb6d3927da7fe68179a39f09331c320c3db1bc8011f1b86e9ec809c1931695b26b9a1b22644427011b5f4e7e0f0822a2500b0ea27da708

  • SSDEEP

    49152:oF3T9t6GDlTH944UOCVa3tKdg9xrVdoDALVy:oVTf/lrOOCVa3tTDokLVy

  Score

  10^/10

  lummadiscoveryevasionstealer

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma

  • Lumma family

    lumma

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2