MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5a35fee6cf40115046f5472085be6b769c7fdbe74d6246a9f758ca5e3e4c7662. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



LummaStealer


Vendor detections: 4



SHA256 hash: 5a35fee6cf40115046f5472085be6b769c7fdbe74d6246a9f758ca5e3e4c7662
SHA3-384 hash: 3cf6f2e1fb1d99667b2dc09ac5152e4ca52bc3e231de74251e91b1f0a0144225abbd76c5945740dee44fd55fcab4bfa9
SHA1 hash: bf805b59da0072c2b2c72006660c30bdfb1c28c3
MD5 hash: 41eb1f6ae2632b94423415d91e62a473
humanhash: river-west-carbon-high
File name: cx-programmer 9.1 free download Full.7z
Signature: LummaStealer
File size: 15'323'987 bytes
First seen: 2026-02-07 12:17:45 UTC
Last seen: Never
File type: 7z
MIME type: application/x-7z-compressed
Note: This file is a password protected archive. The password is: 5079
ssdeep: 393216:LQGJmc4cWv3kv3EyX1GOUZBfyc2+r/DuJHsmv:LZdzW8zl3UL72O/DuKS
TLSH: T1F1F633D14AE063EADD9E4D1E5E3E4C6092FC268A1843107776A67FD537252AEE33B301
TrID: 57.1% (.7Z) 7-Zip compressed archive (v0.4) (8000/1)
      42.8% (.7Z) 7-Zip compressed archive (gen) (6000/1)
Magika: sevenzip
Reporter: aachum
Tags: 7z AsgardProtector file-pumped LummaStealer pw-5079


iamaachum
https://media.apexdataserver2.mom/cx-programmer+9.1+free+download+Full.zip

Intelligence


File Origin
# of uploads: 1
# of downloads: 83
Origin country: ES
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name: cx-programmer 9.1 free download full.exe
Pumped file: This file is pumped. MalwareBazaar has de-pumped it.
File size: 864'728'573 bytes
SHA256 hash: 934c3d2f66a9fbb3732854de857c87194f63a95c71b602a2c1e7753983911dbd
MD5 hash: 74110c4a3d8760dfd59e895264a7b3ff
De-pumped file size: 1'747'968 bytes (vs. original size of 864'728'573 bytes)
De-pumped SHA256 hash: 8bd174d78518bad07b3e182fff8dafa8dc3d32916461be23a80c61a5ae4b0a13
De-pumped MD5 hash: 266fa976a16903342433f3cb4ccb9288
MIME type: application/x-dosexec
Signature: LummaStealer
Vendor Threat Intelligence
No detections
Verdict: inconclusive
YARA: 3 match(es)
Tags: 7z Archive SFX 7z
Threat name: Binary.Trojan.Generic
Status: Suspicious
First seen: 2026-02-07 12:18:35 UTC
File Type: Binary (Archive)
AV detection: 3 of 24 (12.50%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:lumma discovery persistence stealer
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
System Location Discovery: System Language Discovery
Adds Run key to start application
Executes dropped EXE
Lumma Stealer, LummaC
Lumma family
Malware Config
C2 Extraction:
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These rules are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: detect_Redline_Stealer
Author: Varp0s

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

LummaStealer

7z 5a35fee6cf40115046f5472085be6b769c7fdbe74d6246a9f758ca5e3e4c7662

(this sample)

Comments