Extracted

• • Target

    ca73c92a8188aedad0841c9443c41b4ac1490d29f5dcfcfdec171c1995ed85dd.exe

  • Size

    1.8MB

  • MD5

    69e788568ba18c97ae7c7e76b0ce98d8

  • SHA1

    ca276971dc795890a7f4969481d67e9e6c23a776

  • SHA256

    ca73c92a8188aedad0841c9443c41b4ac1490d29f5dcfcfdec171c1995ed85dd

  • SHA512

    c4bd148a1515bd884f131e2020138072c4ad22292d59235ebd73961f6314c0aa4c2ed61b78c4d759651fe0a943c195df5f50881f86a5ab6694087aef819a2cf6

  • SSDEEP

    49152:8Zml+MQmf9/46TNWjhrxzlN5OWZoInrvKKfLx8m:dfhf+u4VNtpZRrvpam

  Score

  10^/10

  lummadefense_evasiondiscoverystealer

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma

  • Lumma family

    lumma

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2