Extracted

• • Target

    N6687_random.exe

  • Size

    1.8MB

  • MD5

    23593c7fce6f2ee25feb29fca4e0b5e4

  • SHA1

    753acc53eda55bfda77e185c339223a26dbad3c2

  • SHA256

    50b247bc9f1ddfc4be1a6282e5f3e1daacc8b0829a13831bce3267eddb4bb40f

  • SHA512

    60083ceee24e4bb06ce5dd281779ec8103ecea2d7131500cf10e6a3a4b8ee60e659a0437a9092d8b7db9d69e53be1fcdd6f1cd120a1ef534eab06ea6a89778f5

  • SSDEEP

    49152:SH6CbdxklvKc1n0aGMfPZ42Z0A1d8QJKnWxsASqw:i62fkZ79HS2uA1d+WxvSqw

  Score

  10^/10

  lummadefense_evasiondiscoverystealer

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma

  • Lumma family

    lumma

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2