Extracted

• • Target

    Sigmanly_65697232568baa86a010e0d5f589410de0b388cf7baba7d7ef2a2869ff2943a6

  • Size

    2.8MB

  • MD5

    cdcaa653fe18f53e5fbbca4d7a02c6bc

  • SHA1

    ad4341677ecf5ed7968198b327507f5842086d8c

  • SHA256

    65697232568baa86a010e0d5f589410de0b388cf7baba7d7ef2a2869ff2943a6

  • SHA512

    fe7d058ab71c1bb3d757178273d03c6a81c7b5dc7e43ae6854c4bcc9b385b2eae7ad59e03b40038ac6eb606652d5b31d69da80e3eb250d8ec7a992858c88de67

  • SSDEEP

    49152:iME85dKV8N4VPeU31LmWH36T4Aacy+n4VNihfBJ7nRPTg:PE85dKVsqPeU31LmWXL0RfT7nRPE

  Score

  10^/10

  lummadiscoveryevasionstealer

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma

  • Lumma family

    lumma

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2