General

  • Target

    65f0b432d1c478584099dd485f75a04f.exe

  • Size

    1.8MB

  • Sample

    250126-rsfy8avndq

  • MD5

    65f0b432d1c478584099dd485f75a04f

  • SHA1

    95887097bb413477819a3a4850554e59dea5ed26

  • SHA256

    e3f63b55b34a2e157b5754474b493afff810790cbcb166c40c355f4d64e3f154

  • SHA512

    a855c71e7252bd6251520bf7231ee464dbce778274d982de61f41e3aa793f92ab9a73b66d0c0b9278e8d812e8cf2d3f6bed080086613427873fea220e1c4cb71

  • SSDEEP

    49152:3vKFGc13O3zI9EXmdduwzqKNdRGpAtrugh34BUq79LXZ:/mcDI9E4/dRG8LaLJ

Malware Config

Extracted

Family

lumma

C2

https://toppyneedus.biz/api

Targets

    • Lumma Stealer, LummaC

      Lumma, or LummaC, is an infostealer written in C++, first seen in August 2022.

    • Lumma family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks