Extracted

• • Target

    random.exe

  • Size

    1.8MB

  • MD5

    c579334428cc20c8519e5aefa497d490

  • SHA1

    47d1361932afcf84a21c9955a2016229be936321

  • SHA256

    cc1cdcf4e25a8b2d698422997112c6d9e3d33608ad55c8c995e22c7ccd8563ad

  • SHA512

    3a5781300235f5dbdadb231522a7f063f57930b7894019d9b58c4afb85c62620307b749a6bab518cebf0041221db1061d7a09b9e3018cd92c15b0a226fec5f53

  • SSDEEP

    49152:tnAle83fU+Zal0kQieDL0l/7D5pKdJGwbaXUb:tnH83fU+Zauien0lPSak

  Score

  10^/10

  lummadefense_evasiondiscoverystealer

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma

  • Lumma family

    lumma

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1