Extracted

• • Target

    08e54fcd99af9d5f0089a5bdc55176efd928e0cb74b5e9968e7bdae0430e2199.exe

  • Size

    1.8MB

  • MD5

    cbc6d4612edd8e12a0ee65823aec267c

  • SHA1

    8b85beb0d98c5b56165b238ca16c8ab8a511e56d

  • SHA256

    08e54fcd99af9d5f0089a5bdc55176efd928e0cb74b5e9968e7bdae0430e2199

  • SHA512

    1d3ef30fc4bb95b925e10006b3735774335ebccaaa010c64c5747dc40448b047e79ab85a4b056541328b8b046522584529f4b7b73afff608d5095047dca970ea

  • SSDEEP

    49152:E6HkcY3cqpY/mYfQqelSGGvWWgsT+Cj/il3+KqVNyih7I:E6EvMfmYIDWfb/wfqVNZ

  Score

  10^/10

  lummadefense_evasiondiscoverystealer

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma

  • Lumma family

    lumma

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2