MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 569728aad7692c31eca3dd20fa816c676d29381f748b0db5997bd0c64747dfcd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

LummaStealer

Vendor detections: 8

Intelligence 8 IOCs YARA 2 File information Comments

SHA256 hash:	569728aad7692c31eca3dd20fa816c676d29381f748b0db5997bd0c64747dfcd
SHA3-384 hash:	523dc1a39600cc7f7e4e74dd40f51fbe1b1dbd9b5c6ec4d44af6047d9fbb71fede1cc125f4678d63c892425c33d15298
SHA1 hash:	378666d04266477aa92cf0abd5e5e4f3f3c6cead
MD5 hash:	02c00d9ae8f58dc9d1cc5b6bb18bcffc
humanhash:	timing-seven-ceiling-undress
File name:	script.a3x
Download:	download sample
Signature	LummaStealer Create hunting rule
File size:	491'183 bytes
First seen:	2024-08-24 20:46:09 UTC
Last seen:	Never
File type:
MIME type:	application/octet-stream
ssdeep	12288:6LYU2HwINovV3zFQaMVYxUznyHs73hS6Hw2YDQE:6LnotNAFQH6ULyHx6HwTDQE
TLSH	T127A4CE3CA46B4113B7A24558ABC65029F0E9B9FCF5559333BC3783E6D5C12BEA420ED8
Magika	unknown
Reporter	aachum
Tags:	a3x LummaStealer

iamaachum

https://pub-9c4ec7f3f95c448b85e464d2b533aac1.r2.dev/kjer.zip

Lumma C2:
https://scenarriotdpq.shop/api
https://locatedblsoqp.shop/api
https://traineiwnqo.shop/api
https://condedqpwqm.shop/api
https://millyscroqwp.shop/api
https://stagedchheiqwo.shop/api
https://stamppreewntnq.shop/api
https://caffegclasiqwp.shop/api
https://tenntysjuxmz.shop/api

Intelligence

File Origin

# of uploads :

# of downloads :

101

Origin country :

Vendor Threat Intelligence

Detection(s):

MiscreantPunch.SingleXOR.EXE.214.UNOFFICIAL

Verdict:

Malicious

Score:

90.2%

Link:

https://cyber-fortress.com/docs/result/index.php?id=66caf618b2a4681a729692cc

Tags:

Heur

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

anti-vm anti-vm masquerade monero obfuscated

Link:

https://www.filescan.io/uploads/66ca46c708735172956c4533/reports/18acad9a-691a-4cf1-9c7b-58fd14a6c4fd/overview

Verdict:

Malicious

Labled as:

AIT.Acapulco.2.2C2C5F57

Link:

https://www.hybrid-analysis.com/sample/569728aad7692c31eca3dd20fa816c676d29381f748b0db5997bd0c64747dfcd

Result

Verdict:

MALICIOUS

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/569728aad7692c31eca3dd20fa816c676d29381f748b0db5997bd0c64747dfcd/

Threat name:

Binary.Trojan.Generic

Status:

Suspicious

First seen:

2024-08-24 21:01:49 UTC

File Type:

Binary

Extracted files:

AV detection:

5 of 24 (20.83%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=k2lsrkwxnewdd3fd3uqpvalmm5wssoa7osfq3nmzppimmr2h37gq._file

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/569728aad7692c31eca3dd20fa816c676d29381f748b0db5997bd0c64747dfcd

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	AutoIT_Script Create hunting rule
Author:	@bartblaze
Description:	Identifies AutoIT script. This rule by itself does NOT necessarily mean the detected file is malicious.

Rule name:	SUSP_XORed_MSDOS_Stub_Message Create hunting rule
Author:	Florian Roth
Description:	Detects suspicious XORed MSDOS stub message
Reference:	https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings