Extracted

• • Target

    rJDqJIa.exe

  • Size

    1.8MB

  • MD5

    17107886ab85d1fe843d507496b67531

  • SHA1

    928468a987de2bdab60929957643488391e59814

  • SHA256

    9b78a9c08bdaf02a95bb174177d43ba37b45b32ca7315faea007178672a36330

  • SHA512

    d37b08761b07e1a5e3116ed6f52c98c0c7c211bbf0dcc96b77949aab43307cd979348c83990691bc7db324e7bbccf45ce356ce8f9da26b5b0a132ed605fd55e9

  • SSDEEP

    49152:WhN5mE5D7yVsVO6J3nrQTqjTE1ECL+ZRsR0dWyQ:+/H50sTJXrvT4gWyQ

  Score

  10^/10

  lummadefense_evasiondiscoverystealer

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma

  • Lumma family

    lumma

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2