Extracted

• • Target

    random.exe

  • Size

    1.8MB

  • MD5

    10f6e997bed045a8c840b09bc411b19f

  • SHA1

    caf53afb90487800622d2bf05809921c6f565302

  • SHA256

    32b01a63cca8f2d7c6828280387e0c7e1a2c909a8e09b0d5f65e32d066e7ba7e

  • SHA512

    b50c19cf41e9c75feb21fd33eb5f9d7ac1f3756d200d433d31ffb3c6257a79afa8c66d4917c5379b6d352cc0c2cd6c5530a09b4b6d850f12234ccce03b963516

  • SSDEEP

    49152:3f803pPTEzyLob2TBQYIKdMTfvgG+zkg:3f80ZLtLbT0skv+zk

  Score

  10^/10

  lummadefense_evasiondiscoverystealer

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma

  • Lumma family

    lumma

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2