Extracted

• • Target

    93e14db4af6b127444c9349f6c9162f4eebba4c220378be18d63f9951cb63b0c

  • Size

    2.9MB

  • MD5

    1279c027a5157053ead6d16bba200356

  • SHA1

    eafac59e5bf3507f0bd289ad3919e82a994e8f7f

  • SHA256

    93e14db4af6b127444c9349f6c9162f4eebba4c220378be18d63f9951cb63b0c

  • SHA512

    2b16876710c9723860862c2e2ba1ecaf526a5e7de3e11c3b9e5ee2e877039d66e57fc5122fc9fbbe12ff36df66a11787144cfe54c9243455b1abe159e49c3410

  • SSDEEP

    49152:5SLJ5lD28FyWNuea2iS+m2HnFdEZctzDdh9W2:5SLJ5lD28Fyvea2iSP2HpDdh9W

  Score

  10^/10

  lummadiscoveryevasionstealer

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma

  • Lumma family

    lumma

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2