Extracted

• • Target

    Sigmanly_80a8fee2e4d5909bf2dbe60be97d7ea44bbc5d9e3745caf83a06653287ea229c

  • Size

    5.9MB

  • MD5

    b50d06fdc5a763244d12f5d2e7c1ee3c

  • SHA1

    3c809781c51c973199894746f7dab09ca9c6a416

  • SHA256

    80a8fee2e4d5909bf2dbe60be97d7ea44bbc5d9e3745caf83a06653287ea229c

  • SHA512

    eb52ddb0c3d66bfae4e48b96d97c2f95eebbc9e4832952fbd52926d73af29dab3766231fd03946ffb6f348c7d3f9dfe3b09754c038a48e6358d8cba689a0ea64

  • SSDEEP

    98304:LkkKwG21Ovtlc2jHCyHPmfttKL8K1mTMKd3VU0rfBKUmlShrxlxrWVpcb:LPKbHlc22yvmVtkx1nC1UVlSlxrWs

  Score

  10^/10

  lummadiscoveryevasionstealer

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma

  • Lumma family

    lumma

  • Enumerates VirtualBox registry keys

    evasion

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Loads dropped DLL

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2