Extracted

• • Target

    9e1d4ef4049d83ab6f1a451fd16dc1843d3b162a8024e0193d39ce38b4970c0d.exe

  • Size

    1.8MB

  • MD5

    8a80c9665c83258db45ee674d764a219

  • SHA1

    0c68894b4c39bc049e95e640c81c044ee8ad6df2

  • SHA256

    9e1d4ef4049d83ab6f1a451fd16dc1843d3b162a8024e0193d39ce38b4970c0d

  • SHA512

    cf2db9c4678f3f681e2a25bf9978277540ef3b05feb07bdd5c1d0bca5e51c49790096217383da495a31dd12407a3b377c03a03d022e4e87cd5d992dd0e67852d

  • SSDEEP

    49152:dGbpaBIua5mOjJACFHA2sRgHmU+ZXBVsmBbGE:4xTokACVsTemgE

  Score

  10^/10

  lummaevasionstealerdiscovery

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma

  • Lumma family

    lumma

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2