MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6c56d77d3a3b8c42a14d23bc26b816ce3ccaa4a99cf1fda4d41e759ad164c543. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


LummaStealer


Vendor detections: 2


Intelligence 2 IOCs YARA 4 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6c56d77d3a3b8c42a14d23bc26b816ce3ccaa4a99cf1fda4d41e759ad164c543
SHA3-384 hash: da43c132305972afbbeeae7c7904808fa6bc301501d4e32979f6fa017efba32527a3cb332853bc22e1488fd1ec5987f9
SHA1 hash: 3d5e384e3e7cf84b2e8b8d261967bc47461b8c66
MD5 hash: 9e6f7f0e1f0fc37614afeb445f36ef02
humanhash: hotel-double-south-black
File name:recuva_professional__technician_(2024)_full_español_[mega].7z
Download: download sample
Signature LummaStealer
Create hunting rule
File size:4'370'451 bytes
First seen:2026-03-18 21:49:14 UTC
Last seen:Never
File type: 7z
MIME type:application/x-7z-compressed
Note:This file is a password protected archive. The password is: 5367
ssdeep 98304:os5vpiKGTPxp+15NF+njp+ekofBhu9MfqKCx4l5fm8wdxvPcXZ:qDe1x67fSTA5fWPvg
TLSH T1F31633314EED895293BEDED1A5EF6F3CE49A0B6813CA935074F6A1433CB5F821126E44
TrID 57.1% (.7Z) 7-Zip compressed archive (v0.4) (8000/1)
42.8% (.7Z) 7-Zip compressed archive (gen) (6000/1)
Magika sevenzip
Reporter aachum
Tags:7z AsgardProtector file-pumped LummaStealer pw-5367


Avatar
iamaachum
https://media.advancedpaydays.info/Recuva_Professional__Technician_(2024)_Full_Espa%C3%B1ol_%5BMega%5D.zip => https://arch.primedatahost2.cfd/auth/media/[x]/Recuva_Professional__Technician_(2024)_Full_Espa%C3%B1ol_%5BMega%5D.zip

Intelligence

File Origin
# of uploads :
1
# of downloads :
76
Origin country :
ES ES
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name:recuva_professional__technician_(2024)_full_español_[mega].exe
Pumped file This file is pumped. MalwareBazaar has de-pumped it.
File size:860'939'450 bytes
SHA256 hash: fa2c411f8371790637f1736837d821742b2a0bfbfd4ddb93bb4fe13d9cbd7943
MD5 hash: f704d9e1c38e3a64d0aa9aa85eb44aa0
De-pumped file size:2'152'960 bytes (Vs. original size of 860'939'450 bytes)
De-pumped SHA256 hash: 63066d64377e314bc34b7e2257910324f8ca73dea9ef41586df6be5785ee868a
De-pumped MD5 hash: c8c833ed296169638b87d7892ea77903
MIME type:application/x-dosexec
Signature LummaStealer
Vendor Threat Intelligence
No detections
Verdict:
Clean
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=69bb1e1e93b644ca466b782e
Tags:
n/a
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/6c56d77d3a3b8c42a14d23bc26b816ce3ccaa4a99cf1fda4d41e759ad164c543
Verdict:
Unknown
File Type:
7z
Link:
https://opentip.kaspersky.com/6c56d77d3a3b8c42a14d23bc26b816ce3ccaa4a99cf1fda4d41e759ad164c543/results?tab=lookup
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6c56d77d3a3b8c42a14d23bc26b816ce3ccaa4a99cf1fda4d41e759ad164c543/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=nrlno7j2hogefikneo6cnoawzy6mvjfjtty73jgudz2zvuleyvbq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:detect_Redline_Stealer
Create hunting rule
Author:Varp0s
Rule name:TH_AntiVM_MassHunt_Win_Malware_2026_CYFARE
Create hunting rule
Author:CYFARE
Description:Detects Windows malware employing anti-VM / anti-sandbox evasion techniques across VMware, VirtualBox, Hyper-V, QEMU, Xen, and generic sandbox environments
Reference:https://cyfare.net/
Rule name:VECT_Ransomware
Create hunting rule
Author:Mustafa Bakhit
Description:Detects activity associated with VECT ransomware. This includes registry modifications and deletions, execution of system and defense-evasion commands, suspicious API usage, mutex creation, file and memory manipulation, ransomware note generation, anti-debugging and anti-analysis techniques, and embedded cryptographic constants (SHA256) characteristic of this malware family. Designed for threat intelligence and malware detection environments.
Rule name:win32_lumma_stealer
Create hunting rule
Author:Reedus0
Description:Rule for detecting LummaStealer malware

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

LummaStealer

7z 6c56d77d3a3b8c42a14d23bc26b816ce3ccaa4a99cf1fda4d41e759ad164c543

(this sample)

LummaStealer

Executable exe 95042d369e0edccb5d22cfd2509bcdf6934f7b9bfd213fa9c3e8631beb8d35ee

  
Link
https://tria.ge/260318-v35bcagt5k/behavioral2
  
Delivery method
Distributed via web download
  
Dropping
SHA256 95042d369e0edccb5d22cfd2509bcdf6934f7b9bfd213fa9c3e8631beb8d35ee
  
Dropping
MD5 31eda7ea837bc4c5589638e8b8c51595
  
Dropping
SHA256 63066d64377e314bc34b7e2257910324f8ca73dea9ef41586df6be5785ee868a
  
Dropping
MD5 c8c833ed296169638b87d7892ea77903

Comments