MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8b16de0f2561ea37deef7ead46f83228c4ebc3be1e95c59881a50680cd54574d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


LummaStealer


Vendor detections: 11


Intelligence 11 IOCs YARA 2 File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8b16de0f2561ea37deef7ead46f83228c4ebc3be1e95c59881a50680cd54574d
SHA3-384 hash: 7740488019776382827e16f2225b6f1c4a8bef6742328453aab11ea739363354f1c936417fbd086d70aaf8cbc2d6607c
SHA1 hash: 23180db51414b21828c80f0356de53ec981cc530
MD5 hash: 0f00a3f854a7738459c28987fed7ebdc
humanhash: stream-fish-mars-carolina
File name:0f00a3f854a7738459c28987fed7ebdc
Download: download sample
Signature LummaStealer
Create hunting rule
File size:551'424 bytes
First seen:2024-01-19 12:32:42 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 650e1a3feb7dcf1eb62ecc5f9c88994f (1 x LummaStealer)
ssdeep 12288:F5lMLAtZpBmDJO8yQ41hawWeZyz0x7cyg85NrH1:1rPpcDh7wWAyyc185Nj
Threatray 24 similar samples on MalwareBazaar
TLSH T165C4BE1392E27D51EA718B729E3FC3E8771FF6504E497B6A22189B6F04B11B2C263711
TrID 46.6% (.CPL) Windows Control Panel Item (generic) (57583/11/19)
25.2% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
8.5% (.EXE) Win64 Executable (generic) (10523/12/4)
5.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
4.0% (.EXE) Win16 NE executable (generic) (5038/12/1)
File icon (PE):PE icon
dhash icon 9ee16565e5a58586 (1 x LummaStealer)
Reporter zbetcheckin
Tags:32 exe LummaStealer

Intelligence

File Origin
# of uploads :
1
# of downloads :
404
Origin country :
FR FR
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/471670/
Detection(s):
Win.Packer.pkr_ce1a-9980177-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Launching the default Windows debugger (dwwin.exe)
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/65aa6c0194d1aebfb2a67707/reports/c5575ab7-cbb0-437c-b045-8ce0ebcededf/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_100%
Link:
https://www.hybrid-analysis.com/sample/8b16de0f2561ea37deef7ead46f83228c4ebc3be1e95c59881a50680cd54574d
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/424b577f-2275-4dac-8c3d-608f6255604d
Result
Threat name:
LummaC
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1377386
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
C2 URLs / IPs found in malware configuration
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
LummaC encrypted strings found
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Query firmware table information (likely to detect VMs)
Snort IDS alert for network traffic
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Yara detected LummaC Stealer
Behaviour
Behavior Graph:
Download SVG
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/8b16de0f2561ea37deef7ead46f83228c4ebc3be1e95c59881a50680cd54574d
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8b16de0f2561ea37deef7ead46f83228c4ebc3be1e95c59881a50680cd54574d/
Threat name:
Win32.Spyware.Lummastealer
Create hunting rule
Status:
Malicious
First seen:
2024-01-18 07:49:00 UTC
AV detection:
22 of 24 (91.67%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=rmln4dzfmhvdpxxpp2wun6bsfdcoxq56d2k4lgebuudibtkuk5gq._file
Verdict:
malicious
Similar samples:
006ab1b11bfdbf1e4a5dd2291e6e63d9f16e2896a5a0bec1ef46000307478ad8
LummaStealer
1d9c4b25f0649e0464a715e855f3bc50930d6dafedcc7a359fec043e50d0449c
LummaStealer
47c1777c418d9dfb9018cd7116e5aad726255bb4733f6597eab2b6e06955cca3
LummaStealer
8b16de0f2561ea37deef7ead46f83228c4ebc3be1e95c59881a50680cd54574d
LummaStealer
c427e85ef5de0ae057dd4c3c9411597c0eeb2e069dd1f70bb63d7969ef6bd445
LummaStealer
df29e20b458935df97732e0b71f5c992915d490cbe2e9dddb8da4da5d46dca9b
LummaStealer
f5921e86b2c6700bce14af3207fb722a952da1d697f19b7082da28ba34536099
LummaStealer
+ 14 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/240119-pq62hsdhhn/
Behaviour
Program crash
Unpacked files
SH256 hash:
2190a66ca6b91f6397092a77816d301b0dfee5b7d03b55ed5277d5993dfb094d
MD5 hash:
3615dba8c54c8472f4d09c955b1808c8
SHA1 hash:
03cabcce903c0f447784256e66305d32eedd8b58
Link:
https://www.unpac.me/results/24e66465-5d8c-47fb-8659-e13925b2ead0/
SH256 hash:
8b16de0f2561ea37deef7ead46f83228c4ebc3be1e95c59881a50680cd54574d
MD5 hash:
0f00a3f854a7738459c28987fed7ebdc
SHA1 hash:
23180db51414b21828c80f0356de53ec981cc530
Link:
https://www.unpac.me/results/24e66465-5d8c-47fb-8659-e13925b2ead0/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/8b16de0f2561ea37deef7ead46f83228c4ebc3be1e95c59881a50680cd54574d

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:adonunix2
Create hunting rule
Author:Tim Brown @timb_machine
Description:AD on UNIX
Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

LummaStealer

Executable exe 8b16de0f2561ea37deef7ead46f83228c4ebc3be1e95c59881a50680cd54574d

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2749518/
Cape
Cape
https://www.capesandbox.com/analysis/471670/

Comments


Avatar
zbet commented on 2024-01-19 12:32:43 UTC

url : hxxp://82.147.84.194/9.exe