Extracted

• • Target

    f3a0987aa1f15df7d465b05835e9e8f36624bf899ef080fde4228eb1404a4e02.exe

  • Size

    1.8MB

  • MD5

    af07a7dbfcd409d72d4b94efb8c8c475

  • SHA1

    a85735305aa551f66bce4b950b0493c2e5eac648

  • SHA256

    f3a0987aa1f15df7d465b05835e9e8f36624bf899ef080fde4228eb1404a4e02

  • SHA512

    91b30d86ab292f2d55c01fd41fed1f29d0f9af391a905c1e491b28a567544ca66e802c7c9b93da2f175d28de2f09eab2659c38eca9b506f29b7db3a88a12bdb6

  • SSDEEP

    49152:0xltXaRBohLstM94FIMeBsWhFwn9KQ5KUZiUP7k:0xqRpMZsf9b5BZiUP7

  Score

  10^/10

  lummadefense_evasiondiscoverystealer

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma

  • Lumma family

    lumma

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2