Extracted

Extracted

Extracted

• • Target

    1463b4f295186260be7b70898e81f673926a7eea22cc4ca340ec3464b36f022e

  • Size

    3.1MB

  • MD5

    2f926994dcd9945ffed390e302aa8cbb

  • SHA1

    4a8b9df036ad770333df6223dfd6c81d37a246b7

  • SHA256

    1463b4f295186260be7b70898e81f673926a7eea22cc4ca340ec3464b36f022e

  • SHA512

    ee3d8b225f1f176e6f05c538f4d04072780ebaa6e7c80faa69d7f3d101898ac3ac03c83148047de07b1b98511e992b8be44f8f47b28d1010a4447516ace1714c

  • SSDEEP

    49152:RNzrSSSSSSSSSS0SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSkSSSVSa:RYzIZPRM55EgyoscaZ42ee1lN8

  Score

  10^/10

  lummasalitybackdoordiscoveryevasionstealertrojanupx

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma

  • Lumma family

    lumma

  • Modifies firewall policy service

    evasion

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • Sality family

    sality

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Windows security modification

    evasiontrojan

  • Checks whether UAC is enabled

    evasiontrojan

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2