Extracted

• • Target

    41f0ea8f5dcbfae202983a0d2341bd41e75a63230a30a70fd2268ce3c2c96489.exe

  • Size

    3.1MB

  • MD5

    999310ee1d42ec35dae1b379798485a8

  • SHA1

    7563f768f3b0cb9456d2e21d035f78f610898487

  • SHA256

    41f0ea8f5dcbfae202983a0d2341bd41e75a63230a30a70fd2268ce3c2c96489

  • SHA512

    6b2d6ec16fbbfdcad936de2834f1845c6500bee8926b6da8045a0925c131607be7490c09269c9e3343d77e34eb7ba05560a14d618e88add11904ccbc6f58eac5

  • SSDEEP

    49152:Dl7AFawRdPONwTsRMyL7ukchUmrSj6mVsjHS0y:DcrRdPONwTsuyL7uk8PmGDRy

  Score

  10^/10

  lummadiscoveryevasionstealer

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma

  • Lumma family

    lumma

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2