Extracted

• • Target

    be5da0edd9c111aa4531e7c5540fba585f457a77aceee0f8c969e3f6fd9bd8e8.exe

  • Size

    1.7MB

  • MD5

    a5c244272b7b461659a38eeff55d5983

  • SHA1

    5efa032dcaeaf448ce0bff039226e243fb3755a9

  • SHA256

    be5da0edd9c111aa4531e7c5540fba585f457a77aceee0f8c969e3f6fd9bd8e8

  • SHA512

    ffff0350e9dfbdcc91a6bd6385bb6ca48e33e80d9e69a39367dd411fbe67f1eb48eeb5bd3b492f258a155c2a7b6cd35019a54827fbceca85f39f3785c14fc46d

  • SSDEEP

    49152:heRYGkpoZljE7wJf2A94F9xxBvI3fWcrIGyO:heR3ZZBE77O41xBGfrrIi

  Score

  10^/10

  lummadiscoveryevasionstealer

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma

  • Lumma family

    lumma

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2