MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 67c3f6d42f682af4f47f796521afc3529ea918b0a4ca51f09c21591afa82b7c7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

LummaStealer

Vendor detections: 13

Intelligence 13 IOCs YARA 16 File information Comments

SHA256 hash:	67c3f6d42f682af4f47f796521afc3529ea918b0a4ca51f09c21591afa82b7c7
SHA3-384 hash:	3e4cd70a1f4aa0e6e8dfaf7b4851465bbae91f9439dee1258cb8bf2721b4736bb37d84855707c61256badb6cea82708f
SHA1 hash:	e1fb8d706ba9bf56405dfc989a9424b507a724ee
MD5 hash:	fa07f32a59bbc8421c39b6d88de213f2
humanhash:	carbon-mexico-friend-winner
File name:	SecuriteInfo.com.Win64.Evo-gen.25807.29910
Download:	download sample
Signature	LummaStealer Create hunting rule
File size:	1'632'176 bytes
First seen:	2025-06-26 15:20:33 UTC
Last seen:	2025-06-26 16:19:45 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	c7269d59926fa4252270f407e4dab043 (45 x Hive, 23 x ServHelper, 22 x CobaltStrike)
ssdeep	24576:U0hKQqDNod3sGcYEBuEcV32eWKhpf9niCgghghwBEKRK1X2:U0hKQqDa38JEEcV32Kh3NgYghsRK1G
Threatray	19 similar samples on MalwareBazaar
TLSH	T10B757C477CD114B9C0BAC13088A5A3D97722F8E6133123D72E51A6B90EBA7D41FB9B5C
gimphash	e1deaaf80b13fee1d2d26981b4d0817811f8674a7230e1c1103161ec3dfce1d9
TrID	48.7% (.EXE) Win64 Executable (generic) (10522/11/4) 23.3% (.EXE) Win16 NE executable (generic) (5038/12/1) 9.3% (.EXE) OS/2 Executable (generic) (2029/13) 9.2% (.EXE) Generic Win/DOS Executable (2002/3) 9.2% (.EXE) DOS Executable Generic (2000/1)
Magika	pebin
dhash icon	c48244e4a4ac82c4 (3 x LummaStealer, 1 x RemcosRAT, 1 x RustyStealer)
Reporter	SecuriteInfoCom
Tags:	exe LummaStealer

Intelligence

File Origin

# of uploads :

# of downloads :

370

Origin country :

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

SecuriteInfo.com.Win64.Evo-gen.25807.29910

Verdict:

Malicious activity

Analysis date:

2025-06-26 15:21:39 UTC

Tags:

golang lumma stealer

Link:

https://app.any.run/tasks/dfa58dfc-0b24-4ed0-b103-f2995834945a

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/11264/

Detection(s):

SecuriteInfo.com.Win64.Evo-gen.25807.29910.UNOFFICIAL

Verdict:

Clean

Score:

89.3%

Link:

https://cyber-fortress.com/docs/result/index.php?id=685d655232ed47a3a8d781a7

Tags:

n/a

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a file

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

anti-vm golang invalid-signature overlay signed

Link:

https://www.filescan.io/uploads/685d65c18cd0d23e5be85af1/reports/77fe2583-4779-4159-aa8d-3dd331313fb6/overview

Verdict:

Malicious

Labled as:

Win/malicious_confidence_90%

Link:

https://www.hybrid-analysis.com/sample/67c3f6d42f682af4f47f796521afc3529ea918b0a4ca51f09c21591afa82b7c7

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/726f7f6d-a3a1-4ec9-b701-0cd67d8ccd3e

Score:

45%

Verdict:

Susipicious

File Type:

Link:

https://malprob.io/report/67c3f6d42f682af4f47f796521afc3529ea918b0a4ca51f09c21591afa82b7c7

Verdict:

inconclusive

YARA:

4 match(es)

Tags:

Executable PE (Portable Executable) Win 64 Exe x64

Link:

https://app.malva.re/file/fa07f32a59bbc8421c39b6d88de213f2

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/67c3f6d42f682af4f47f796521afc3529ea918b0a4ca51f09c21591afa82b7c7/

Verdict:

Malicious

Link:

https://tip.neiki.dev/file/67c3f6d42f682af4f47f796521afc3529ea918b0a4ca51f09c21591afa82b7c7

Threat name:

Win64.Trojan.Egairtigado

Status:

Malicious

First seen:

2025-06-26 12:06:53 UTC

File Type:

PE+ (Exe)

Extracted files:

AV detection:

19 of 24 (79.17%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=m7b7nvbpnavpj5d7pfssdl6dkkpksgfqutffd4e4efmrv6ucw7dq._file

Verdict:

malicious

Label(s):

lummastealer

LummaStealer

556eaf27dd7c9d5b1949766151b83035625e11dabcfe0259f7a927fb80f0145e

LummaStealer

66b6fc4a116af7fc4749b6e135206895770cd20344f66b0e1a15a7064041bf0a

LummaStealer

67c3f6d42f682af4f47f796521afc3529ea918b0a4ca51f09c21591afa82b7c7

LummaStealer

76740a7fbc17533283d982a101c3edec7ce2d56745a4bab0e3e125ccf207029e

LummaStealer

84cf41781911d3cee5155db71a07eee6f454a93116cd703f8132b9fa3e6117c5

LummaStealer

ae1ec6b47bfcf4a5de1efd2eed71dc596df897e1d015fe5a9134050b767974d5

LummaStealer

b6909687da9c87d2ca7d2836e149f5f642971641a36fc39bab98261594145185

LummaStealer

error

LummaStealer

+ 9 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

5/10

Tags:

discovery

Link:

https://tria.ge/reports/250626-sr8taavvay/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

System Location Discovery: System Language Discovery

Suspicious use of SetThreadContext

Verdict:

Suspicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/f725fdfc-6c62-47f8-b1c7-8909f732b023

Unpacked files

SH256 hash:

67c3f6d42f682af4f47f796521afc3529ea918b0a4ca51f09c21591afa82b7c7

MD5 hash:

fa07f32a59bbc8421c39b6d88de213f2

SHA1 hash:

e1fb8d706ba9bf56405dfc989a9424b507a724ee

Link:

https://www.unpac.me/results/b7910d5d-1804-472a-a58f-a5e05a4491e8/

Malware family:

Lumma

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/67c3f6d42f68/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/67c3f6d42f682af4f47f796521afc3529ea918b0a4ca51f09c21591afa82b7c7

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	command_and_control Create hunting rule
Author:	CD_R0M_
Description:	This rule searches for common strings found by malware using C2. Based on a sample used by a Ransomware group

Rule name:	DebuggerException__SetConsoleCtrl Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	DetectGoMethodSignatures Create hunting rule
Author:	Wyatt Tauber
Description:	Detects Go method signatures in unpacked Go binaries

Rule name:	GoBinTest Create hunting rule

Rule name:	golang Create hunting rule

Rule name:	Golangmalware Create hunting rule
Author:	Dhanunjaya
Description:	Malware in Golang

Rule name:	golang_binary_string Create hunting rule
Description:	Golang strings present

Rule name:	golang_bin_JCorn_CSC846 Create hunting rule
Author:	Justin Cornwell
Description:	CSC-846 Golang detection ruleset

Rule name:	golang_duffcopy_amd64 Create hunting rule

Rule name:	HiveRansomware Create hunting rule
Author:	Dhanunjaya
Description:	Yara Rule To Detect Hive V4 Ransomware

Rule name:	identity_golang Create hunting rule
Author:	Eric Yocam
Description:	find Golang malware

Rule name:	PE_Digital_Certificate Create hunting rule
Author:	albertzsigovits

Rule name:	ProgramLanguage_Golang Create hunting rule
Author:	albertzsigovits
Description:	Application written in Golang programming language

Rule name:	SEH__vectored Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	Sus_Obf_Enc_Spoof_Hide_PE Create hunting rule
Author:	XiAnzheng
Description:	Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)