MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7bd7346f3ef17dd2c0cc405b6754ddcd7effd90619b94a1715fa90f9a5fea9ac. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

LummaStealer

Vendor detections: 11

Intelligence 11 IOCs YARA 3 File information Comments

SHA256 hash:	7bd7346f3ef17dd2c0cc405b6754ddcd7effd90619b94a1715fa90f9a5fea9ac
SHA3-384 hash:	789451a89be9d8d9b2f4a836084e992f0a860e2397f6dab6296370531448a13210949e8e0718f9460fdb4e920a9ecc07
SHA1 hash:	be612ffc4a8cfd2db7e7f3c4a4702d0f1b42fabf
MD5 hash:	0976a42399d372caa48da798822365e3
humanhash:	nebraska-don-oklahoma-table
File name:	0976a42399d372caa48da798822365e3.exe
Download:	download sample
Signature	LummaStealer Create hunting rule
File size:	252'416 bytes
First seen:	2023-01-06 07:43:01 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	7bca87c7309353055aed194207c93e99 (5 x RedLineStealer, 3 x Smoke Loader, 2 x DanaBot)
ssdeep	3072:nXCIWyfLLKbGWBAP5zIcwR28ri1NYU7g0cD5+j7TZfGPTmcTdMdJ0mAl:XNLLfWBAZ4OcD5+jYPKdJ
Threatray	24 similar samples on MalwareBazaar
TLSH	T17434CF117A92D472C15E9C304834EAE56E7BBCB26974D98F37743F1F6A702F05A22782
TrID	47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 15.9% (.EXE) Win64 Executable (generic) (10523/12/4) 9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 7.6% (.EXE) Win16 NE executable (generic) (5038/12/1) 6.8% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):
dhash icon	1024e390e4e72158 (2 x Smoke Loader, 1 x RedLineStealer, 1 x LummaStealer)
Reporter	abuse_ch
Tags:	exe LummaStealer

Intelligence

File Origin

# of uploads :

# of downloads :

187

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

0976a42399d372caa48da798822365e3.exe

Verdict:

Malicious activity

Analysis date:

2023-01-06 07:45:59 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/51eac390-a764-4b31-849c-87ea395c68a3

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/349891/

Detection(s):

SecuriteInfo.com.MSIL-29.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending a custom TCP request

Launching the default Windows debugger (dwwin.exe)

Searching for the window

Verdict:

No Threat

Threat level:

2/10

Confidence:

100%

Tags:

greyware packed

Link:

https://www.filescan.io/uploads/63b7d1070fdf1633326d73ed/reports/369bee2f-1bc6-4524-80c9-f963a57d8560/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Malicious Packer

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/e24dc5b6-0b28-44a0-8036-b14986f7482a

Result

Threat name:

LummaC Stealer

Detection:

malicious

Classification:

troj

Score:

60 / 100

Link:

https://www.joesandbox.com/analysis/1146085

Signature

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Yara detected LummaC Stealer

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/7bd7346f3ef17dd2c0cc405b6754ddcd7effd90619b94a1715fa90f9a5fea9ac/

Threat name:

Win32.Trojan.SmokeLoader

Status:

Malicious

First seen:

2023-01-05 14:55:00 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

23 of 26 (88.46%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=pplti3z66f65fqgmibnwovg5zv7p7wigdg4uufyv7kiptjp6vgwa._file

Verdict:

malicious

LummaStealer

2ffce4a30025c7b0c408da211a4a5c00c395c4933b94ecfa818a8c1aea5ae4d2

LummaStealer

3419f8887e6f4a2e3520510e30a24c383364e26930329d911c2c40207dab096b

LummaStealer

4ae22455f6c6d9c69f58283b69e529c73c447fe00839026084ca463f5a96cc41

LummaStealer

781b268a96c09be7b60c94eb48f0343e56b79bbf2a86e05b0547bd095784f4dc

LummaStealer

b59c9c2c9df5daeedfa78f14ea42b94d4fc2308db18bef199108723a7533f592

LummaStealer

c0bbb556f5f3c43c100a68d34ecd1a19f8b5afe3675836cf8cd5eb29afa7cc72

LummaStealer

c516fc3286df7ec543273f5cce533a9d356c56ab014c2d92337ba420712da32c

LummaStealer

c837a63ce5b9c5828fbf262e570947fbdc78ef081411f1cd0f22bd534ef55788

LummaStealer

f5717aef9a4323816387603920b652a94ac0d9cedef36391cedd9cdcbfef7f60

LummaStealer

+ 14 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

7/10

Tags:

spyware stealer

Link:

https://tria.ge/reports/230106-jj8zmsba3z/

Behaviour

Program crash

Accesses cryptocurrency files/wallets, possible credential harvesting

Reads user/profile data of web browsers

Verdict:

Informative

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/b6c4dd27-b2c8-4e11-a0fb-222c9221e7cf

Unpacked files

SH256 hash:

473455b4e8418a2fdf3be5334a066f180e5d33c0fb02726f6646dfee4474d922

MD5 hash:

0620377debe132e58593439a61cfdbbc

SHA1 hash:

dbcfbc728073cfd0b702f69fe2fabc21788a9eba

Link:

https://www.unpac.me/results/3e4ddf19-d735-4d4a-be58-ceefe9ae5a38/

SH256 hash:

7bd7346f3ef17dd2c0cc405b6754ddcd7effd90619b94a1715fa90f9a5fea9ac

MD5 hash:

0976a42399d372caa48da798822365e3

SHA1 hash:

be612ffc4a8cfd2db7e7f3c4a4702d0f1b42fabf

Link:

https://www.unpac.me/results/3e4ddf19-d735-4d4a-be58-ceefe9ae5a38/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/7bd7346f3ef17dd2c0cc405b6754ddcd7effd90619b94a1715fa90f9a5fea9ac

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	cobalt_strike_tmp01925d3f Create hunting rule
Author:	The DFIR Report
Description:	files - file ~tmp01925d3f.exe
Reference:	https://thedfirreport.com

Rule name:	pdb_YARAify Create hunting rule
Author:	@wowabiy314
Description:	PDB

Rule name:	Windows_Trojan_Smokeloader_3687686f Create hunting rule
Author:	Elastic Security

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/349891/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample