Extracted

• • Target

    1f7cba48d4376c13c1f546e90ec8eb9d483a28a43569b7ca9ab4f8521504cbbc

  • Size

    2.9MB

  • MD5

    6d2ab775801af5b10acd3672b156dd80

  • SHA1

    35325ede41c0e163261be74d04f1a21568f68532

  • SHA256

    1f7cba48d4376c13c1f546e90ec8eb9d483a28a43569b7ca9ab4f8521504cbbc

  • SHA512

    d96da59ba2b8bc35c59093e16b3c08686bbdf7f2b7770fccbb4f019de4ec22effe150a3626d5a01062c2fab166d6c703a49c468ce448ce06bef56deea0a29231

  • SSDEEP

    49152:hGquCd+XGNtMiFwEzPHmB+1TnWRRfnVJMVtHxY1XtaczfQjWDs27:h9uCd+WPTzPHmBAmRvAxE0czP

  Score

  10^/10

  lummadiscoveryevasionstealer

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma

  • Lumma family

    lumma

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2