Extracted

• • Target

    1.msi

  • Size

    18.5MB

  • MD5

    b4a8e2c2930ce08543812fc93d52c623

  • SHA1

    46bd2b41d3f0d3d0ee4edbad3765534b9f8a4aa5

  • SHA256

    7a611f7ede6f64d7deafdf2510ea740cf615ab0cd3d709cf17476c43a3b8aaee

  • SHA512

    a689155826b93302649934648550e8c8a9a9a117cf72959ec153f8d5a443c14190f06a48b8e8ab0041c78e1d14c15a5859805e2eb955b7ac21c94814c33dd491

  • SSDEEP

    393216:4/rBfNTzWDFhDxzDreUUrHhRVR6+U4BttD/HVQ20vngRTJVBaOlVcv+:urBf1WdLetDtR6IttD1QBSB7ry

  Score

  10^/10

  lummadiscoveryevasionpersistenceprivilege_escalationstealer

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma

  • Lumma family

    lumma

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Blocklisted process makes network request

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  behavioral1behavioral2