Extracted

• • Target

    5UB19_random.exe

  • Size

    1.8MB

  • MD5

    9ac3180f8417b0d4a73833e0508b9138

  • SHA1

    b0de44c97aca986bc2b08381815e4752cdcaf313

  • SHA256

    d1b089245406d8339197face6c2c98202ce48cd18d20b4215e15c6677bc77aa3

  • SHA512

    6c7728815c247f603aa1c5a2259e57c6ae332ef956028a1b284397a294827cc503208dc7996d26b5b6d5fae71ea11d3b9c3c64b2ccaebd649ede338a9f85fca5

  • SSDEEP

    24576:xtjAY7t7NUDdrhH/JhXqvNh0P+K1ojZwYDahWuawoZmt7OZbdoUk9xykgu0slhUn:x1X0X7avNheP1g6u96km4ZZoUkyajv

  Score

  10^/10

  lummadefense_evasiondiscoverystealer

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma

  • Lumma family

    lumma

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2