Extracted

• • Target

    random.exe

  • Size

    1.8MB

  • MD5

    b0819900c48b5172afe53e934744c404

  • SHA1

    ca2bab8985d74ebc1fa7128054d5076567ad8d07

  • SHA256

    fb039c2e3b499e8cd1f742db2ba9aa2c2bffe6fae2d290ea8a172be9b5357658

  • SHA512

    65f766de779e8196b7f327ed5655af0ae0ea90c6d29cfedb8a31198ed4665a7b6e11bcaf32d892687e52f3aa0fbbb08578c8af389519b4590faf344925dc29b9

  • SSDEEP

    49152:9jy8i8ehSGJkF+usITvR1w0eO54fe3TY:iXITp15/54fe3E

  Score

  10^/10

  lummadefense_evasiondiscoverystealer

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma

  • Lumma family

    lumma

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1