MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 802150a8445988b00785f115a8ccb6c2c8afa48fe2efebf61cb31e3cf5362d6b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



LummaStealer


Vendor detections: 4



SHA256 hash: 802150a8445988b00785f115a8ccb6c2c8afa48fe2efebf61cb31e3cf5362d6b
SHA3-384 hash: 6daadb295df054057e5d1dd4b76823fec6a966e5ae7b2825b2c67805ef9b24cdd64f458596214e2a67627ef95d718cfd
SHA1 hash: a9f384283a25a7c9cb2c3010f344d81d8ae4c521
MD5 hash: c2931bea79de9dbd2bca8696d97fddee
humanhash: london-lamp-helium-arizona
File name: s5.hta
Signature: LummaStealer
File size: 1'193'810 bytes
First seen: 2025-01-20 08:40:36 UTC
Last seen: Never
File type: HTML Application (hta)
MIME type: text/plain
ssdeep 12288:WaGEuWJuk441IqScL7xRKgK9KEKcK2KKKdKyKI+fKVKGmxKm4rK9KZK0KF:NJ74muYIREVt7/kHbC8RoBOEwlF
TLSH T106456D5A9B76E614D4715C70FDC5037530B06CC8A899CB094AFEB82168832F97ED9AFC
Magika: txt
Reporter: lontze7
Tags: eml hta LummaStealer

Intelligence


File Origin
# of uploads: 1
# of downloads: 337
Origin country: FR
Vendor Threat Intelligence

Verdict: Malicious
Score: 95.7%
Tags: ransomware obfuscate xtreme

Verdict: Unknown
Threat level: 2.5/10
Confidence: 100%
Tags: masquerade

Result
Verdict: UNKNOWN

Result
Threat name: n/a
Detection: clean
Classification: n/a
Score: 2 / 100
Behaviour
Behavior Graph: n/a

Result
Malware family: n/a
Score: 3/10
Tags: discovery
Behaviour
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download

Comments