General

  • Target

    random.exe

  • Size

    1.8MB

  • Sample

    250131-v63xpavjfn

  • MD5

    6c11fdb6f39fee24fcb5db6813aae123

  • SHA1

    5212a271c14589ccca44f7278b60ef85a34cf573

  • SHA256

    646588553134dbbeb560be011cf30fe178ae35f85326c3bea129a9e526e2d864

  • SHA512

    c2a23d68e65d7a8d479d9e158dad2910db7b9013433f94276b992e995d94cbbfd66255e3ac3622f11c33302caf3e1be9dab647a8c80b7dee93e0047db11a8258

  • SSDEEP

    49152:M1GMmbeqAKYmkI8opZNUK6fVMqW83jW6Toj:M1GMmbequ7I7p8KXUiW

Malware Config

Extracted

Family

lumma

C2

https://toppyneedus.biz/api

Targets

    • Lumma Stealer, LummaC

      Lumma, or LummaC, is an infostealer written in C++ that was first seen in August 2022.

    • Lumma family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks