Extracted

• • Target

    Sigmanly_bb6ed22605e38edeea643fc3ef43ced73ba96cc3740f8e1d4332932a36d45a41

  • Size

    6.8MB

  • MD5

    ec19fa1027fee164803cc127aef64199

  • SHA1

    8a1c7cd16c432a67eb9d71fe745d5ce5e4315dfd

  • SHA256

    bb6ed22605e38edeea643fc3ef43ced73ba96cc3740f8e1d4332932a36d45a41

  • SHA512

    3f11ccce6a0b870e8596e24d2b91d492c8a7d6b6e8d5a0d868a0db90d03a76f0d1c91907bfe98e95d2542deceb39c66a5ce69114d980d61e5bcff4ec1a5c4a78

  • SSDEEP

    98304:47RIWaDhDFxHWAW8+xfbZV1IucY8j8NHM3lngV++ZKHWywyfQmZ:4FItx3WhxFVgY88HM3NgV++Z2WuI+

  Score

  10^/10

  lummadiscoveryevasionstealer

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma

  • Lumma family

    lumma

  • Enumerates VirtualBox registry keys

    evasion

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Loads dropped DLL

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Enumerates processes with tasklist

    discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2