ALERT!
Click here to register with a few steps and explore all our cool stuff we have to offer!
  1. Home
  2. Coding
  3. C/C++
  4. [C++] Anti-Sandbox using trigonometry - Lumma 4.0 method / FUD
Patched.to
C/C++

[C++] Anti-Sandbox using trigonometry - Lumma 4.0 method / FUD

Submitted by THC at 15-04-2025, 06:08 PM


[C++] Anti-Sandbox using trigonometry - Lumma 4.0 method / FUD
1.282 Views
THC's Avatar'
THC
Away
THC Away
12 Rep
W e e D
Banned
Posts: 140
Threads: 47
Joined: Mar 2025
Vouches 0
Credits: 0
Two-Factor Authentication
New Poster
#1
OP  Posted at 15-04-2025, 06:08 PM
This presents an anti-sandbox technique used by the LummaC2 v4.0 malware, which employs trigonometry to detect mouse movements consistent with human behavior, this avoiding execution in sandbox environments.

The technique involves capturing the mouse position at regular intervals and calculating the angles between vectors formed by these positions. If the calculated angles are smaller than a predefined threshold, the movement is considered "human," and the malware continues execution. Otherwise, the malware restarts the verification.

Initially, the malware checks if any cursor movement occurred. The malware captures the initial mouse position, and after a 300-millisecond interval, captures the new position. If the new position differs from the initial one, it indicates that mouse movement occurred. If no movement is detected, the process restarts.
[Image: LEECHER-Moon-Monster.gif]

[ Hidden Content! ]
You must register or login to view this content.
Find
0
Reply
popajean's Avatar'
popajean
Offline
popajean Offline
0 Rep
Member
Member
Posts: 31
Threads: 0
Joined: Apr 2025
Vouches 0
Credits: 0
#2
Posted at 15-04-2025, 07:01 PM
vdgdf gfgedfg gefger gergerwg
Find
0
Reply
CallMeKira's Avatar'
CallMeKira
Offline
CallMeKira Offline
0 Rep
Member
Member
Posts: 68
Threads: 0
Joined: Nov 2024
Vouches 0
Credits: 0
#3
Posted at 15-04-2025, 08:52 PM
lets have a look
Find
0
Reply
Adl's Avatar'
Adl
Offline
Adl Offline
0 Rep
Member
Member
Posts: 21
Threads: 2
Joined: May 2025
Vouches 0
Credits: 0
#4
Posted at 18-05-2025, 01:07 PM
thank you
Find
0
Reply
eevkt's Avatar'
eevkt
Offline
eevkt Offline
0 Rep
Member
Member
Posts: 22
Threads: 0
Joined: Apr 2025
Vouches 0
Credits: 0
#5
Posted at 19-05-2025, 12:50 AM
15-04-2025, 06:08 PM THC Wrote:
This presents an anti-sandbox technique used by the LummaC2 v4.0 malware, which employs trigonometry to detect mouse movements consistent with human behavior, this avoiding execution in sandbox environments.

The technique involves capturing the mouse position at regular intervals and calculating the angles between vectors formed by these positions. If the calculated angles are smaller than a predefined threshold, the movement is considered "human," and the malware continues execution. Otherwise, the malware restarts the verification.

Initially, the malware checks if any cursor movement occurred. The malware captures the initial mouse position, and after a 300-millisecond interval, captures the new position. If the new position differs from the initial one, it indicates that mouse movement occurred. If no movement is detected, the process restarts.
[Image: LEECHER-Moon-Monster.gif]
Idk if it work
Find
0
Reply
devilmare's Avatar'
devilmare
Offline
devilmare Offline
0 Rep
Member
Member
Posts: 7
Threads: 0
Joined: May 2025
Vouches 0
Credits: 0
#6
Posted at 19-05-2025, 05:44 PM
15-04-2025, 06:08 PM THC Wrote:
This presents an anti-sandbox technique used by the LummaC2 v4.0 malware, which employs trigonometry to detect mouse movements consistent with human behavior, this avoiding execution in sandbox environments.

The technique involves capturing the mouse position at regular intervals and calculating the angles between vectors formed by these positions. If the calculated angles are smaller than a predefined threshold, the movement is considered "human," and the malware continues execution. Otherwise, the malware restarts the verification.

Initially, the malware checks if any cursor movement occurred. The malware captures the initial mouse position, and after a 300-millisecond interval, captures the new position. If the new position differs from the initial one, it indicates that mouse movement occurred. If no movement is detected, the process restarts.
[Image: LEECHER-Moon-Monster.gif]
thansdfsd
Find
0
Reply
Redbull93's Avatar'
Redbull93
Offline
Redbull93 Offline
7 Rep
Member
Member
Posts: 134
Threads: 54
Joined: May 2025
Vouches 1
Credits: 0
New Poster
Noble
#7
Posted at 30-05-2025, 02:44 AM
How area and
My shop: https://t.me/Nuclear27
Tag : @Alexandercazez
Find
0
Reply
authlest's Avatar'
authlest
Offline
authlest Offline
0 Rep
Member
Member
Posts: 68
Threads: 0
Joined: Jul 2024
Vouches 0
Credits: 0
#8
Posted at 01-06-2025, 01:13 AM
15-04-2025, 06:08 PM THC Wrote:
This presents an anti-sandbox technique used by the LummaC2 v4.0 malware, which employs trigonometry to detect mouse movements consistent with human behavior, this avoiding execution in sandbox environments.

The technique involves capturing the mouse position at regular intervals and calculating the angles between vectors formed by these positions. If the calculated angles are smaller than a predefined threshold, the movement is considered "human," and the malware continues execution. Otherwise, the malware restarts the verification.

Initially, the malware checks if any cursor movement occurred. The malware captures the initial mouse position, and after a 300-millisecond interval, captures the new position. If the new position differs from the initial one, it indicates that mouse movement occurred. If no movement is detected, the process restarts.
[Image: LEECHER-Moon-Monster.gif]
.0 method / FUD
Find
0
Reply



Users browsing this thread: 1 Guest(s)