Sign Up!

To avoid falling victim to scammers when making deals with sellers on the DWM (DarkWebMarket) platform, use the official Escrow Service.

@Dwmguarantor

Telegram communication!

You can also contact the guarantor in Telegram

Malware

A group blog by Malware in HACK

Followers 1

entries
2
comments
4
views
549

Contributors to this blog

Lumma stealer uses trigonometry to evade detection

Entry posted by LummaMalware in malware August 14

247 views

Followers 1

The Lumma malware, which steals information from its victims' systems, employs a unique tactic for evading detection. It measures mouse movements using trigonometry to determine if it's operating on a real machine or a sandbox.

Lumma (also known as LummaC2) is an infostealer available through subscription, priced between $250 and $1000. This malware can extract data from browsers and applications on Windows 7-11, including passwords, cookies, credit card information, and cryptocurrency wallet details. This malware family first appeared on hacker forums in December 2022 and quickly gained popularity within the hacking community.

According to a recent report by Outpost24 analysts, the latest version, Lumma 4.0, has undergone significant changes in its evasion and automatic analysis techniques.

In addition to obfuscation, XOR encryption of strings, support for dynamic configuration files, and mandatory encryption in all builds, the malware monitors mouse movements to discern whether a real person is using the computer.

To achieve this, Lumma tracks cursor positions using the GetCursor() function, recording five different positions at 50-millisecond intervals (P0, P1, P2, P3, P4)

Then trigonometry comes into play: the malware treats the collected position data as vectors, calculating the angles and magnitudes formed by the movements.

If the angles between the vectors are less than 45 degrees, Lumma assumes that the movements are not programmatically emulated and continues its operation. However, if the angles are 45 degrees or greater, the malware terminates all malicious activities but continues to monitor mouse movements until it detects human-like actions.

Researchers believe that the 45-degree angle is an arbitrary value chosen by the malware developers based on empirical data or analysis of automated analysis tools.

Another interesting feature of Lumma is its use of a crypter to protect the malware executable from leaks. The malware automatically checks for a specific value in the executable file to determine if it is encrypted, and issues a warning if it is not.

dawwa and uzi
1
1

Followers 1

2 Comments

Recommended Comments

haplin09 2

Posted August 14

LummaC2’s customization options are killer. I’ve optimized it to rake in serious cash

dawwa
1

Link to comment

dawwa 25

Posted August 14

9 hours ago, haplin09 said:

LummaC2’s customization options are killer. I’ve optimized it to rake in serious cash

By using trigonometry to analyze mouse movements via the GetCursor() function, it cleverly differentiates between real users and sandboxes. Its ability to avoid detection through XOR encryption, dynamic configs, and continuous mouse tracking showcases its sophisticated approach.

Link to comment

Similar Content
- Vineyard | Passive income | Automatic Robux Clothing Uploader | Long Term Investment | 🍇
  
  By bannity, September 11
  - robux
  - roblox
  - (and 9 more)
    
    Tagged with:
    
    robux
    
    roblox
    
    investing
    
    usd
    
    ltc
    
    eth
    
    btc
    
    crypto
    
    money
    
    moneymaker
    
    passive income
  - 14 replies
  - 777 views
- HACK WhatsApp, IG, X, FACEBOOK - by INFORMER. Fast. Reliable. Social networks / emails / Messengers 1 2 3 4 9
  
  By INF, March 25, 2019
  - youtube
  - ig
  - (and 7 more)
    
    Tagged with:
    
    youtube
    
    ig
    
    x
    
    whatsapp
    
    smm
    
    panel
    
    hack
    
    crypto
    
    drainer
  - 171 replies
  - 302,331 views
- CRYPTOSCAM CORP #1 | BOTNET | the best conditions and tools for work
  
  By BOTNET, August 11
  - crypto
  - scam
  - (and 3 more)
    
    Tagged with:
    
    crypto
    
    scam
    
    botnet
    
    drainer
    
    malware
  - 6 replies
  - 156 views
- DATA / Databases from DATA-HUB / crypto/forex/physicals
  
  By DataHUB, August 14
  - data
  - bases
  - (and 1 more)
    
    Tagged with:
    
    data
    
    bases
    
    crypto
  - 0 replies
  - 156 views
- REDSKULL RANSOMWARE 2022: Unveiling the Latest Threat in Cyber Extortion
  
  By haplin09, August 14
  - malware
  - crypto
  - (and 1 more)
    
    Tagged with:
    
    malware
    
    crypto
    
    ransomware
  - 0 replies
  - 110 views
Recently Browsing 0 members
- No registered users viewing this page.

FreeCurrencyRates.com

Popular Contributors
- Week
- Month
- Year
- All Time
Nobody has received reputation this week.
Blogs
- Lumma stealer uses trigonometry to evade detection
  
  By LummaMalware in Malware
  2 comments
- How Hackers Attack WiFi Networks: Explained and Protected
  
  By ESCROW SERVICE in TRADING
  1 comment
- Revolutionizing Retail Trading: Live Crypto Trading and Strategies
  
  By SELLACC in CRYPTO
  1 comment
- Best and Worst Ways to Invite People to a Telegram Channel
  
  By ESCROW SERVICE in SHILLING
  1 comment
- The Surge of Lumma: The Info-Stealer Revolutionizing Malware-as-a-Service
  
  By ESCROW SERVICE in Malware
  2 comments
- Unleashing the Power of True DeFi: Behind the Scenes of the Underdog Investor Group
  
  By SELLACC in CRYPTO
  1 comment
- Why do people get punished for inviting others on Telegram?
  
  By ESCROW SERVICE in SHILLING
  1 comment
- The Importance of Sword and Magic World in the Gaming Community
  
  By SELLACC in NFT
  0 comments
- 5 Games to Watch in January 2024
  
  By SELLACC in NFT
  0 comments
- Capitalizing on Crypto Opportunities: A Trader's Perspective
  
  By SELLACC in CRYPTO
  0 comments
Videos
Blog Comments
- Lumma stealer uses trigonometry to evade detection
  
  By dawwa · Posted August 14
  
  By using trigonometry to analyze mouse movements via the GetCursor() function, it cleverly differentiates between real users and sandboxes. Its ability to avoid detection through XOR encryption, dynamic configs, and continuous mouse tracking showcases its sophisticated approach.
- How Hackers Attack WiFi Networks: Explained and Protected
  
  By GriG7 · Posted August 14
  
  Seriously? Hacking WiFi in a coffee shop? Sounds more like a hacker movie script than real life. Ethical hacking only, folks!
- Revolutionizing Retail Trading: Live Crypto Trading and Strategies
  
  By GriG7 · Posted August 14
  
  Diving into live crypto trading? Our strategies just netted $10k in a week! We’re all about real-time trades, top indicators, and a system that locks in profits gradually. Follow our moves, get the insider scoop, and watch your gains grow.
- Best and Worst Ways to Invite People to a Telegram Channel
  
  By pir · Posted August 14
  
  There’s no trick to adding over 200 users to a channel—it's capped. If you're seeing big numbers, it’s likely due to being approved en masse or a channel overhaul. No bugs, just standard procedures and channel management strategies at play.
- The Surge of Lumma: The Info-Stealer Revolutionizing Malware-as-a-Service
  
  By DataHUB · Posted August 14
  
  I've seen used! Cool tool 😎

TOR LINK

dstor3guxi7zqmmwgds5itdt5c4u3btq4aravrgajewmhlyr5xazkpyd.onion

To enter the onion domain of the site, you need to install the TOR browser. After that you can go to our mirror

Clearnet mirrors

darkwebmarket.xyz

darkwebmarket.online

darkwebmarket.lol

darkwebmarket.cloud

darkwebmarket.guru

darkwebmarket.sbs

darkwebmarket.ink

darkwebmarket.fun

darkwebmarket.world

darkwebmarket.club

darkwebmarket.pro

Resources in Telegram

@Dwmguarantor

@darkwebmarket_cc

@CyberFinanceNews

@hacker_news_feed

The user regularly conducts transactions through the service guarantor and has positive trading statistics on the site. Most likely he can be trusted and work directly. With the rules of work through the guarantor you can familiarize yourself here. CLICK

The user has not conducted a single transaction through the guarantor. You can read about the rules of working through a guarantor here. CLICK

The user has made a security deposit on the forum. He is a verified seller and guaranteed to conduct all transactions through the guarantee service. You can read more about the deposit system here. CLICK

The user has no security deposit on the forum, when working with him do not send prepayments and always involve the guarantor in transactions. You can read more about the deposit system here. CLICK

The user's status is "UNVERIFIED" indicating that he has not verified his account on the Darknet. You can pass verification by providing positive reviews and recommendations about yourself. You can read more about how to check patency. CLICK .

The user status "VERIFIED" indicates that the seller has been verified by the Forum Administration. You can read more about how to pass the verification here. CLICK .

Depository
Autoguarantor
ADV
RULES
Videos
Blogs
Forums
More
- Back
- Events
- Leaderboard
- Online Users
- Downloads
- Staff
- All Activity
- Search
- NFT
- Clubs
- Forums

Create New...

Sign In

Sign Up!

Telegram communication!

2 Comments

Recommended Comments

Link to comment

Link to comment

Similar Content

Recently Browsing 0 members

Popular Contributors

Blogs

Videos

Blog Comments