Extracted

Extracted

• • Target

    file.exe

  • Size

    1.7MB

  • MD5

    a4fb8fb6603269a85e23ad8f29961276

  • SHA1

    7950f83e533d60a5cdf5aea383ab7664a3a3000d

  • SHA256

    baa43fb48075f4f72748b453ad4408c15f2196d4309ad27ea6f54c2d5e40117a

  • SHA512

    7af437cfe238a0c4f2559ed7e350352135dd79dfda5285b932860a14305db18d938bad3d1d0910e011be51c12d71ded5866ab3e7151ec8d642be756de31c0f15

  • SSDEEP

    49152:XyjCcBkR6AkhqreaPgUe030DX+SIDjeakufZFnqmxV:eDGQAkhTa49zL+dSakuRUY

  Score

  10^/10

  lummadiscoveryevasionstealer

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma

  • Lumma family

    lumma

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2