MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 482f127885b676a2d1517e68d925eb06a05b3fc626b990f54084b129ac51df95. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

LummaStealer

Vendor detections: 13

Intelligence 13 IOCs YARA 1 File information Comments

SHA256 hash:	482f127885b676a2d1517e68d925eb06a05b3fc626b990f54084b129ac51df95
SHA3-384 hash:	a5b5065a78835c71eafc90f125704e54b2a85084272c088d2bb5f5cb921ce70de5651c4bcdd66fe4a56d4a77dfdb0366
SHA1 hash:	eb9afe0a644f51dc9b8b893e34b0ca598d7b945a
MD5 hash:	89e25a8b7701914e63c11aeed4424f5e
humanhash:	vegan-may-wisconsin-venus
File name:	482f127885b676a2d1517e68d925eb06a05b3fc626b990f54084b129ac51df95
Download:	download sample
Signature	LummaStealer Create hunting rule
File size:	1'080'906 bytes
First seen:	2026-02-04 13:18:14 UTC
Last seen:	2026-02-04 14:26:05 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	32f3282581436269b3a75b6675fe3e08 (198 x LummaStealer, 123 x Rhadamanthys, 8 x CoinMiner)
ssdeep	24576:Hlg3UtfVWX04FSLDb7exUT5Rg9CFNaMkVT1baOSg2oVW1j1N:e3Utff4Mz7exAUIkbaKdW1j1N
Threatray	1'468 similar samples on MalwareBazaar
TLSH	T1C73523E6BFD684F5D3A225B3043053A39BA3F9674825C93B6F054E5EFD30A908A14E17
TrID	47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 15.9% (.EXE) Win64 Executable (generic) (10522/11/4) 9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 7.6% (.EXE) Win16 NE executable (generic) (5038/12/1) 6.8% (.EXE) Win32 Executable (generic) (4504/4/1)
Magika	pebin
Reporter	adrian__luca
Tags:	exe LummaStealer

Intelligence

File Origin

# of uploads :

# of downloads :

143

Origin country :

Vendor Threat Intelligence

No detections

Malware family:

n/a

ID:

File name:

482f127885b676a2d1517e68d925eb06a05b3fc626b990f54084b129ac51df95

Verdict:

Malicious activity

Analysis date:

2026-02-04 13:17:07 UTC

Tags:

autoit lumma stealer telegram

Link:

https://app.any.run/tasks/03337335-4475-4a59-bd7e-a30b3a2e283e

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

Lumma

Link:

https://www.capesandbox.com/analysis/51692/

Verdict:

Malicious

Score:

99.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=698347236b1af47db72ccd5e

Tags:

autoit emotet

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

anti-debug blackhole infostealer installer installer installer-heuristic microsoft_visual_cc nsis soft-404

Link:

https://www.filescan.io/uploads/69834720c9bfb60ece1b62d4/reports/f90e3d63-9c2a-4b58-b544-de7907da0ea7/overview

Verdict:

Malicious

Labled as:

Infostealer/LummaC2

Link:

https://www.hybrid-analysis.com/sample/482f127885b676a2d1517e68d925eb06a05b3fc626b990f54084b129ac51df95

Result

Gathering data

Verdict:

Malicious

File Type:

exe x32

Link:

https://opentip.kaspersky.com/482f127885b676a2d1517e68d925eb06a05b3fc626b990f54084b129ac51df95/results?tab=lookup

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/4730188a-9e67-474c-87de-2092711e21c5

Score:

92%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/482f127885b676a2d1517e68d925eb06a05b3fc626b990f54084b129ac51df95

Verdict:

inconclusive

YARA:

5 match(es)

Tags:

Executable NSIS Installer PE (Portable Executable) PE Memory-Mapped (Dump)

Link:

https://app.malva.re/file/89e25a8b7701914e63c11aeed4424f5e

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/482f127885b676a2d1517e68d925eb06a05b3fc626b990f54084b129ac51df95/

Verdict:

Malicious

Threat:

Family.LUMMA

Link:

https://tip.neiki.dev/file/482f127885b676a2d1517e68d925eb06a05b3fc626b990f54084b129ac51df95

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=jaxre6efwz3kfukrpzunsjpla2qfwp6ge24zb5kaqsystlcr36kq._file

Verdict:

malicious

Label(s):

lummastealer

LummaStealer

5198e4990bdd2cf13a830a459b2309ae8b3e6fbfdd4a8aef599037d82c5a07bf

LummaStealer

654ef3d3358fce7ef7794491c00e0c124bea10db5a1e5307ca1c86fbde075d11

LummaStealer

6e85fc9c4f8a1c79c47d2efd739dd934935cbc53f61a58a9d607b880484594c7

LummaStealer

844c22e3f24d8a841650d76cc626c92debb5aec830f374051c084d5a6e4e91f6

LummaStealer

88556db83f38d96d84a7a03aa667a66f25d5e6d3b71557db346f48eba429ca00

LummaStealer

9dcf1dc152d3fa423c4d9d0ccac98ef54a4e5b43d02ee87d596fa0b772d62394

LummaStealer

cb774e320ab20fb9cbe2eb4ae7796b033823c5a20e15ac32ef254ac0a08c1a17

LummaStealer

cc54d67762bef5bfe5633dd9474b6667bf6a792d9e1335a2fce17b9d9c54659a

LummaStealer

cd00e9684bb6a8b2b5ea0699b89cb251221c343cfb6ab3f6ec57525b349fc25f

LummaStealer

error

LummaStealer

+ 1'458 additional samples on MalwareBazaar

Result

Malware family:

lumma

Score:

10/10

Tags:

family:lumma discovery stealer

Link:

https://tria.ge/reports/260204-qj5esac13d/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Drops file in Windows directory

Enumerates processes with tasklist

Deletes itself

Executes dropped EXE

Loads dropped DLL

Lumma Stealer, LummaC

Lumma family

Malware Config

C2 Extraction:

https://t.me/markosipin19
https://maszgn.club/atuw
https://mastwin.in/qsaz
https://ordinarniyvrach.ru/xiur
https://yamakrug.ru/lzka
https://vishneviyjazz.ru/neco
https://yrokistorii.ru/uqya
https://stolewnica.ru/xjuf
https://visokiywkaf.ru/mmtn
https://kletkamozga.ru/iwyq

Unpacked files

SH256 hash:

482f127885b676a2d1517e68d925eb06a05b3fc626b990f54084b129ac51df95

MD5 hash:

89e25a8b7701914e63c11aeed4424f5e

SHA1 hash:

eb9afe0a644f51dc9b8b893e34b0ca598d7b945a

Link:

https://www.unpac.me/results/bb30bc67-08ea-4e2c-8238-d655675f5661/

SH256 hash:

bb4fb924885b8d6719cb88e7f231abcbb7c2a1c69be92a12ce7bb56bed9129e3

MD5 hash:

094ae615109634f48bede4a612e36fc8

SHA1 hash:

a8b8cbf4d8a7f368b3ae53090bab40a2793657eb

Link:

https://www.unpac.me/results/bb30bc67-08ea-4e2c-8238-d655675f5661/

SH256 hash:

8165c7aef7de3d3e0549776535bedc380ad9be7bb85e60ad6436f71528d092af

MD5 hash:

08e9796ca20c5fc5076e3ac05fb5709a

SHA1 hash:

07971d52dcbaa1054060073571ced046347177f7

Link:

https://www.unpac.me/results/bb30bc67-08ea-4e2c-8238-d655675f5661/

SH256 hash:

baf97140da4e17783151b35dd09ef2ad9fe9b11dd4ec4b6748f97b0e2d775eff

MD5 hash:

8e541b7986870792ea3c2f7f406a6f4e

SHA1 hash:

b39f6800b63bfa913b16b0d4c5b0ada4b98edeec

Link:

https://www.unpac.me/results/bb30bc67-08ea-4e2c-8238-d655675f5661/

Malware family:

Lumma

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/482f127885b6/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	Detect_NSIS_Nullsoft_Installer Create hunting rule
Author:	Obscurity Labs LLC
Description:	Detects NSIS installers by .ndata section + NSIS header string

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/51692/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample