MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 42d624f5eabbfd15f62c708eeb6b4d4a9add4b2f09e7e1b37177be608d8dd7cc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



LummaStealer


Vendor detections: 6



SHA256 hash: 42d624f5eabbfd15f62c708eeb6b4d4a9add4b2f09e7e1b37177be608d8dd7cc
SHA3-384 hash: 1fa043ed302adcc148deaa16bf0948eba07b82763f11077844a8e8f34d3b01fb073c3cc83681b60e9ee91ec3f17b5d02
SHA1 hash: 429fd8eb3a6e3410437452e786bac8458120b52a
MD5 hash: c2a887ef8ee708ef5c017055479d30a0
humanhash: yankee-oklahoma-november-seventeen
File name: application (2).7z
Signature: LummaStealer
File size: 13'274'780 bytes
First seen: 2025-12-31 05:03:05 UTC
Last seen: Never
File type: 7z
MIME type: application/x-7z-compressed
ssdeep: 196608:TnZJt6TB2qJ/Od7vnmc8xGJzHe2zKPJfgYApDtXyUS5O4CGrIlYfwhrnimJn:DwBIhp8kJzLujUYcLGk+fwhHV
TLSH: T1FED6339FE8132F5AC331D19B1ADAD9243DD641BE9F92AF17712930939FC2486B02650F
Magika: sevenzip
Reporter: zhuzhu0009
Tags: 7z file-pumped LummaStealer

Intelligence


File Origin
# of uploads: 1
# of downloads: 53
Origin country: SG

File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name: application.exe
Pumped file: This file is pumped. MalwareBazaar has de-pumped it.
File size: 845'604'372 bytes
SHA256 hash: 0f14b838a05d7896acd62c5d3f90223d8e559598e1483183e5fc77919e85f823
MD5 hash: a81f37d08c4becee81c508b3d746ca9c
De-pumped file size: 1'500'160 bytes (Vs. original size of 845'604'372 bytes)
De-pumped SHA256 hash: 6a4987c95a9eff9a18e482a590096a6538836dbb2740f5ef46df6e0f4a0264f2
De-pumped MD5 hash: 6c4c18a318bef0bf5e220322e25f4a62
MIME type: application/x-dosexec
Signature: LummaStealer

Vendor Threat Intelligence

No detections

Verdict: Malicious
Score: 94.9%
Tags: phishing autoit emotet

Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: adaptive-context anti-vm autoit CAB expand installer installer installer-heuristic large-file lolbin microsoft_visual_cc overlay packed rundll32 runonce sfx

Result: Gathering data

Verdict: Malware
YARA: 4 match(es)
Tags: .Net 7z Archive AutoIt Executable PDB Path PE (Portable Executable) PE File Layout SFX 7z SVG SVG with Script WSF File

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: AutoIT_Script
Author: @bartblaze
Description: Identifies AutoIT script. This rule by itself does NOT necessarily mean the detected file is malicious.

Rule name: detect_Redline_Stealer
Author: Varp0s

File information


The table below shows additional information about this malware sample such as delivery method and external references.

LummaStealer

7z 42d624f5eabbfd15f62c708eeb6b4d4a9add4b2f09e7e1b37177be608d8dd7cc (this sample)
