MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4c329bdcdbb6e836ea8f8d71a02e601d0e3643172e15e2c610015f881eacc535. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


LummaStealer


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4c329bdcdbb6e836ea8f8d71a02e601d0e3643172e15e2c610015f881eacc535
SHA3-384 hash: b99af2278b919a11e5646ea2a19b0bbe0dcbb7f0dcddb83ad679a266cc7f110218a82a474ea2894edc9af6f552233bbe
SHA1 hash: d94ae0311429c2f865a190199b4cbe6597fe883e
MD5 hash: ce1a7a14bf0e15545df02619e3b7decc
humanhash: mike-jig-kitten-mars
File name:giga.zip
Download: download sample
Signature LummaStealer
Create hunting rule
File size:1'155'350 bytes
First seen:2024-09-25 14:18:14 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:NRcKm9Cq7G25ekuwlXlIEfLM/KKSbbuVIE91PL:NRcf9d66gwNeKKSbbqNL
TLSH T1A535025DD9C33EE9CA688E35E0523FB46610DC14B8338AB307155EDA6FEB654CE1309A
Magika zip
Reporter NDA0E
Tags:LummaStealer zip

Intelligence

File Origin
# of uploads :
1
# of downloads :
464
Origin country :
NL NL
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name:KneeMarking.exe
File size:92'274'688 bytes
SHA256 hash: 9fcb457a89551c5ab94303779ebfc4737bd74be935a1ac68cda0d22bb51b3202
MD5 hash: 2857272927b6bb6d2ca396778b859b2d
MIME type:application/x-dosexec
Signature LummaStealer
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.PUA.HEUR.Downloader.NSIS.AdLoad.gen.254.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
90.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=66f41bdcc5ef4567b6c998d3
Tags:
Banker Discovery Encryption Execution Network Trojan Dexter Infosteal Exploit Sage Tori
Result
Verdict:
Suspicious
File Type:
PE File
Link:
https://app.docguard.net/4c329bdcdbb6e836ea8f8d71a02e601d0e3643172e15e2c610015f881eacc535/results/dashboard
Behaviour
BlacklistAPI detected
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
lolbin overlay shell32
Link:
https://www.filescan.io/uploads/66f41bdf7a71e61ac30f6cf7/reports/58e38a4c-1917-4810-a19d-2c298509a1b4/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/4c329bdcdbb6e836ea8f8d71a02e601d0e3643172e15e2c610015f881eacc535
Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/4c329bdcdbb6e836ea8f8d71a02e601d0e3643172e15e2c610015f881eacc535
Score:
99%
Verdict:
Malware
File Type:
ARCHIVE
Link:
https://malprob.io/report/4c329bdcdbb6e836ea8f8d71a02e601d0e3643172e15e2c610015f881eacc535
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4c329bdcdbb6e836ea8f8d71a02e601d0e3643172e15e2c610015f881eacc535/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2024-09-23 06:47:10 UTC
File Type:
Binary (Archive)
Extracted files:
13
AV detection:
14 of 24 (58.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=jqzjxxg3w3udn2uprvy2altaduhdmqyxfyk6frqqafpyqhvmyu2q._file
Result
Malware family:
lumma
Create hunting rule
Score:
  10/10
Tags:
family:lumma discovery spyware stealer
Link:
https://tria.ge/reports/240925-rynw1s1aln/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Drops file in Windows directory
Enumerates processes with tasklist
Suspicious use of SetThreadContext
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks computer location settings
Executes dropped EXE
Loads dropped DLL
Lumma Stealer, LummaC
Malware Config
C2 Extraction:
https://performenj.shop/api
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/4c329bdcdbb6e836ea8f8d71a02e601d0e3643172e15e2c610015f881eacc535

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

LummaStealer

zip 4c329bdcdbb6e836ea8f8d71a02e601d0e3643172e15e2c610015f881eacc535

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3191088/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/3191174/

Comments