General

  • Target

    4bcf10ec2eeadcd2cf2e90d4f0f12d881288371002b0e8ba9ba77ab0a19b2760N.exe

  • Size

    1.8MB

  • Sample

    250104-t2l8pszkbp

  • MD5

    1d40726e94eb12d200dd3fe49f15aec0

  • SHA1

    619d990acda726463c15b168337c192f7d69a297

  • SHA256

    4bcf10ec2eeadcd2cf2e90d4f0f12d881288371002b0e8ba9ba77ab0a19b2760

  • SHA512

    207cdd6b3dbd9072a5fa64ddee898fa745316ce4f175557a6b9d3cb3f82d03e23cc79760d1d83eeb9f27065e937d5d110c2b4b93497dc3119ed0b44f184f6489

  • SSDEEP

    24576:NpMWDhpLCcEoRDV/oRgHkORYTbdnOlhSRtREPPAYAOKqZ5Kymq5QRoTAN8pM/KUw:NmWeax/gg3oUTSREXKqiym+QfPkvZ

Malware Config

Extracted

Family

lumma

Targets

    • Target

      4bcf10ec2eeadcd2cf2e90d4f0f12d881288371002b0e8ba9ba77ab0a19b2760N.exe

    • Size

      1.8MB

    • MD5

      1d40726e94eb12d200dd3fe49f15aec0

    • SHA1

      619d990acda726463c15b168337c192f7d69a297

    • SHA256

      4bcf10ec2eeadcd2cf2e90d4f0f12d881288371002b0e8ba9ba77ab0a19b2760

    • SHA512

      207cdd6b3dbd9072a5fa64ddee898fa745316ce4f175557a6b9d3cb3f82d03e23cc79760d1d83eeb9f27065e937d5d110c2b4b93497dc3119ed0b44f184f6489

    • SSDEEP

      24576:NpMWDhpLCcEoRDV/oRgHkORYTbdnOlhSRtREPPAYAOKqZ5Kymq5QRoTAN8pM/KUw:NmWeax/gg3oUTSREXKqiym+QfPkvZ

    • Lumma Stealer, LummaC

      Lumma, also tracked as LummaC or LummaC2, is an information stealer written in C++ that was first seen in August 2022.

    • Lumma family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS vendor and version strings mirrored into the registry are often read to detect virtual machines and sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer that runs Windows applications on other operating systems and is sometimes used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calling NtSetInformationThread with the ThreadHideFromDebugger information class stops an attached debugger from receiving events (breakpoints, exceptions) from the calling thread; this is a common anti-debugging technique.
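
The three registry checks listed above (VirtualBox ACPI keys, BIOS strings, Wine keys), replayed as an added example that is not code from the sample, from the Lumma family or from the sandbox that produced this report. It is a Python script a sandbox operator can run inside a guest (on Windows it reads the live registry through winreg) or offline against a constructed snapshot, to see which of these artifacts a sample with the behaviours above would find. The VirtualBox ACPI subkeys, the Wine keys and the BIOS value names are the standard Windows locations; the non-VirtualBox BIOS marker strings (VMware, QEMU, Bochs) are an assumed generalisation beyond the VirtualBox case the report names, and the snapshot values are constructed, not captured from a real machine.

```python
"""Replay the registry-based sandbox checks from the report against a registry
snapshot. Example code added to the report; not the sample's or the sandbox's code."""
import sys

# Registry locations each signature consults.
VBOX_ACPI_KEYS = (
    r"HKLM\HARDWARE\ACPI\DSDT\VBOX__",
    r"HKLM\HARDWARE\ACPI\FADT\VBOX__",
    r"HKLM\HARDWARE\ACPI\RSDT\VBOX__",
)
BIOS_VALUES = (
    (r"HKLM\HARDWARE\DESCRIPTION\System", "SystemBiosVersion"),
    (r"HKLM\HARDWARE\DESCRIPTION\System", "VideoBiosVersion"),
    (r"HKLM\HARDWARE\DESCRIPTION\System\BIOS", "SystemManufacturer"),
    (r"HKLM\HARDWARE\DESCRIPTION\System\BIOS", "SystemProductName"),
)
# Substrings that give away a hypervisor. The report only names VirtualBox;
# the other vendors are an assumed generalisation.
BIOS_MARKERS = ("vbox", "virtualbox", "innotek", "vmware", "qemu", "bochs")
WINE_KEYS = (r"HKCU\Software\Wine", r"HKLM\Software\Wine")


def _norm(path):
    return path.replace("/", "\\").lower()


class RegistrySnapshot:
    """Case-insensitive view of a few keys: {key_path: {value_name: data}}.
    A key that exists but carries no value of interest is an empty dict."""

    def __init__(self, keys):
        self._keys = {_norm(p): {n.lower(): d for n, d in v.items()} for p, v in keys.items()}

    def key_exists(self, path):
        return _norm(path) in self._keys

    def value(self, path, name):
        return self._keys.get(_norm(path), {}).get(name.lower())


def check_virtualbox_acpi(snap):
    """VirtualBox leaves VBOX__ subkeys under HARDWARE\\ACPI."""
    return [key for key in VBOX_ACPI_KEYS if snap.key_exists(key)]


def check_bios_strings(snap):
    """Firmware strings mirrored into the registry name the hypervisor."""
    hits = []
    for path, name in BIOS_VALUES:
        data = snap.value(path, name)
        if data is None:
            continue
        # SystemBiosVersion/VideoBiosVersion are REG_MULTI_SZ (lists of strings).
        text = " ".join(data) if isinstance(data, (list, tuple)) else str(data)
        if any(marker in text.lower() for marker in BIOS_MARKERS):
            hits.append(f"{path}\\{name} = {text!r}")
    return hits


def check_wine(snap):
    """Wine creates Software\\Wine, which does not exist on real Windows."""
    return [key for key in WINE_KEYS if snap.key_exists(key)]


def assess(snap):
    return {
        "virtualbox_acpi": check_virtualbox_acpi(snap),
        "bios_strings": check_bios_strings(snap),
        "wine": check_wine(snap),
    }


def looks_like_sandbox(snap):
    """True if any check fires, i.e. a sample with these checks would likely bail out."""
    return any(assess(snap).values())


def snapshot_from_live_registry():
    """Windows only: read exactly the keys above from the real registry."""
    import winreg
    hives = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}

    def open_key(path):
        hive, _, subkey = path.partition("\\")
        return winreg.OpenKey(hives[hive], subkey)

    keys = {}
    for path in VBOX_ACPI_KEYS + WINE_KEYS:
        try:
            with open_key(path):
                keys[path] = {}
        except OSError:
            pass
    for path, name in BIOS_VALUES:
        try:
            with open_key(path) as handle:
                keys.setdefault(path, {})[name] = winreg.QueryValueEx(handle, name)[0]
        except OSError:
            pass
    return RegistrySnapshot(keys)


# Constructed snapshots for offline use (illustrative values, not real captures).
VBOX_GUEST = RegistrySnapshot({
    r"HKLM\HARDWARE\ACPI\DSDT\VBOX__": {},
    r"HKLM\HARDWARE\ACPI\FADT\VBOX__": {},
    r"HKLM\HARDWARE\DESCRIPTION\System": {
        "SystemBiosVersion": ["VBOX   - 1"],
        "VideoBiosVersion": ["Oracle VM VirtualBox VBE Adapter"],
    },
    r"HKLM\HARDWARE\DESCRIPTION\System\BIOS": {
        "SystemManufacturer": "innotek GmbH",
        "SystemProductName": "VirtualBox",
    },
})
WINE_HOST = RegistrySnapshot({r"HKCU\Software\Wine": {}})
BARE_METAL = RegistrySnapshot({
    r"HKLM\HARDWARE\DESCRIPTION\System": {"SystemBiosVersion": ["ACME   - 1072009"]},
    r"HKLM\HARDWARE\DESCRIPTION\System\BIOS": {
        "SystemManufacturer": "Acme Computer Co.",
        "SystemProductName": "Workbook 14",
    },
})

if __name__ == "__main__":
    snap = snapshot_from_live_registry() if sys.platform == "win32" else VBOX_GUEST
    for check, findings in assess(snap).items():
        print(f"{check:16} {findings or 'clean'}")
    print("sandbox indicators present:", looks_like_sandbox(snap))
```

Run inside a candidate analysis VM; any line other than `clean` is an artifact this sample's checks would see, so the guest needs further hardening (renaming the ACPI OEM tables, patching the DMI/BIOS strings) before detonation is worthwhile.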

MITRE ATT&CK Enterprise v15

Tasks