MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8f588350c7e24e7e7deb4701f5698c027c5b0336eb16f9b2a014d3bfc53b790e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



LummaStealer


Vendor detections: 2



SHA256 hash: 8f588350c7e24e7e7deb4701f5698c027c5b0336eb16f9b2a014d3bfc53b790e
SHA3-384 hash: 304d18eddf7c7cdfa416cc5315c01501e4553860792f563318129a7265a945346948b7407a2273e4cdd7c92e02822873
SHA1 hash: 2b93e31cba5b7f1191898bc5e796b9617a38db7f
MD5 hash: 752cac97fb4d685ede7ff3b942a63309
humanhash: bakerloo-seven-one-fruit
File name:Uрdаtеd-25.07.rar
Signature LummaStealer
File size:69'070'030 bytes
First seen:2025-07-27 23:03:23 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
Note:This file is a password protected archive. The password is: 2025
ssdeep 1572864:ME4EYhBOO9qbfBhbzmjuFs8J34EAHPPUmxwZFtfCeKo:94JHOO9qbr2q1J3zc7kNX
TLSH T19EE733E59E8D3DEA225138BFCFAFF2A6B017DC97038A9C3E5410453D1966C462916CCB
TrID 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1)
38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Magika rar
Reporter aachum
Tags:AutoIT CypherIT file-pumped LummaStealer pw-2025 rar


iamaachum
https://www.youtube.com/post/Ugkx4m4cl3rbPQjRofu89Wx0l6C__OxO8p6q => https://www.mediafire.com/folder/kne21fn5huuak/Launcher

Intelligence


File Origin
# of uploads: 1
# of downloads: 225
Origin country: ES
File Archive Information

This file archive contains 102 file(s), sorted by their relevance:

File name:avcodec-61.dll
File size:35'439'152 bytes
SHA256 hash: a56cd3583dac0973d0416dabcce0067a791ee85d539a7abc928aa702837dc549
MD5 hash: bfad364de85f022cfa9abd41ff341fa5
MIME type:application/x-dosexec
Signature LummaStealer
File name:ms.pak
File size:465'954 bytes
SHA256 hash: 47f77f32d6f18d95c15c0e4c04df8ba1a05784c8c671360aaf2db487520ddcf8
MD5 hash: 7321194b6267c9cdd0bda30e4203b859
MIME type:application/octet-stream
Signature LummaStealer
File name:swscale-8.dll
File size:593'448 bytes
SHA256 hash: 051e7137b76ab37a2126ddfebb9346a7d441e58f4218f7a3bbd6c06f2626df03
MD5 hash: bb9002c0de20cb4824e6d4bd2d4bdce9
MIME type:application/x-dosexec
Signature LummaStealer
File name:bg.pak
File size:829'898 bytes
SHA256 hash: bb6107701d4184539f914a33634ae0300d0a9e2deae979b88a3ece53605c5179
MD5 hash: fcae54e530f1c0b4cab64328c89e4128
MIME type:application/octet-stream
Signature LummaStealer
File name:datachannel.dll
File size:2'018'352 bytes
SHA256 hash: 50917d8663625747d371d90b055cc39b9c5a4603ea6160739ef431fb3c8b770a
MD5 hash: d33fc71dd2559db5ed74593210653c24
MIME type:application/x-dosexec
Signature LummaStealer
File name:Qt6Widgets.dll
File size:6'356'520 bytes
SHA256 hash: 0ec5f74204b71ff47aafc1faa24dac8aedbc48037ee788726e4b275977b10ed2
MD5 hash: 3caf8c8babb05270672e087904b49971
MIME type:application/x-dosexec
Signature LummaStealer
File name:he.pak
File size:647'332 bytes
SHA256 hash: 4dad9b698b48ad90553bc3c82ce8faca6e4f8264ec6ac5b9e1bf2cd20f2ecce6
MD5 hash: 3d3d2134b30ef1d443e07250229e2678
MIME type:application/octet-stream
Signature LummaStealer
File name:kn.pak
File size:1'206'867 bytes
SHA256 hash: 77b514e529b8aba4da86653bbfae0fdf3fc4eee0d84caf40530a23bfa58d790f
MD5 hash: 3638bfec55b3e6146eaacff7edac9976
MIME type:application/octet-stream
Signature LummaStealer
File name:fr.pak
File size:538'728 bytes
SHA256 hash: 5b88cebd089e9bca4978cb9df076ed06f97fd5f6d496f6a47ef6d42441726566
MD5 hash: c63cb62bf919064b0b6326a0e598da50
MIME type:application/octet-stream
Signature LummaStealer
File name:fi.pak
File size:460'130 bytes
SHA256 hash: 55fcad7f30965e07a749a79d4e304cb8aff79afc367c6870738b8dbe78ae3ced
MD5 hash: 1fe6aff5d58a2e9078125a3eba51310d
MIME type:application/octet-stream
Signature LummaStealer
File name:qsvgicon.dll
File size:71'216 bytes
SHA256 hash: 996c1ae79dee7f585556469ada6688aea81c7b5af3d8fcffbee00de53bf06145
MD5 hash: cb632f0ec6e683e868df50e46c661e5f
MIME type:application/x-dosexec
Signature LummaStealer
File name:en-GB.pak
File size:409'180 bytes
SHA256 hash: 525d94f828b967070b72e6043e0b9d1c55364b382be1f040b010b90a41b6a815
MD5 hash: 1d94e3d6893a9f8e54962482186ede36
MIME type:application/octet-stream
Signature LummaStealer
File name:concrt1542.dll
File size:334'643 bytes
SHA256 hash: 0c000a9884c66ce8410949a2ec359daca99b135408eef9ec54a9911bdc46016d
MD5 hash: 2c2a4ca7fcb1b5e77c69b19a661f722d
MIME type:application/x-dosexec
Signature LummaStealer
File name:sr.pak
File size:782'627 bytes
SHA256 hash: b8d0bb2ef02f21acd435e4e969bce77b7b3410263763d2ed76a2fa73120e5e1a
MD5 hash: ff5e1f8f679fcf45ace4b095d23841d0
MIME type:application/octet-stream
Signature LummaStealer
File name:Qt6Gui.dll
File size:7'652'400 bytes
SHA256 hash: 5ef0b30c06ce3f2350599c096988decd9288b5abc688953a75e0e818d076e71e
MD5 hash: 50648960e8549e7bf9c22a4ec18161ee
MIME type:application/x-dosexec
Signature LummaStealer
File name:g-64x.dll
File size:11'265 bytes
SHA256 hash: c83f39ac089c7e8fdf7a3b393685fc196be6bef84decc2b9dd5fd02f2372c118
MD5 hash: fe8841f601b9d48bc36ff4d39af66435
MIME type:application/x-dosexec
Signature LummaStealer
File name:avutil-59.dll
File size:919'600 bytes
SHA256 hash: b2ce3aa6a74e1c20278d8b9ceaf4e1894750af2a2b1e2c90a9e5100863ff6c43
MD5 hash: 07b899e30dd896a6873f04f6f9f60cc4
MIME type:application/x-dosexec
Signature LummaStealer
File name:qschannelbackend.dll
File size:263'312 bytes
SHA256 hash: 8a25fc4b8d29ee934fac2a26f85f98b82eaa4eb5b0ea924a98bfe597cbe7cd71
MD5 hash: a79fdae77d68c47599a2501224a1bb1a
MIME type:application/x-dosexec
Signature LummaStealer
File name:qwebp.dll
File size:544'296 bytes
SHA256 hash: 3e55d1935064b373dac8c264d6b006874c39cab1fb938bc756c12d8604506158
MD5 hash: d86411a9badea64ea3384c333d00c534
MIME type:application/x-dosexec
Signature LummaStealer
File name:de.pak
File size:501'314 bytes
SHA256 hash: 4fd6c23374b3bb860a705ab343bea2905cda824953cf2729f2da7c86ef314f99
MD5 hash: ef63e015c168179a884821c9db90bfe4
MIME type:application/octet-stream
Signature LummaStealer
File name:ar.pak
File size:795'593 bytes
SHA256 hash: 65266af2212453cc9cab96296a516070375924119ec55754f41c8053af3d8048
MD5 hash: 3368204e7ff3e30e61651b6872f7a6b7
MIME type:application/octet-stream
Signature LummaStealer
File name:pl.pak
File size:522'671 bytes
SHA256 hash: cc4775d2d1a1751cd6ee4de5adc7d4a13b079e7b132898595cb2865e0a57c823
MD5 hash: 1e6a60b03abd6dc4f8c869dbc774b680
MIME type:application/octet-stream
Signature LummaStealer
File name:msvcp150.dll
File size:675'113 bytes
SHA256 hash: 3c59109e47c24ad75c62b824680859631510ae29a8770232411aedfc424c5a7e
MD5 hash: 70c7f354f48db7401851364ad93a09ac
MIME type:application/x-dosexec
Signature LummaStealer
File name:agora_rtc_sdk.dll
File size:35'543'224 bytes
SHA256 hash: 82a61866ccd8df32e0f9c7442221ecdda34a8ea7cd90a207a5b53f9639ffb9c7
MD5 hash: 4a3476454cca3c5f039b9820cfcbbe46
MIME type:application/x-dosexec
Signature Heodo
File name:ko.pak
File size:506'410 bytes
SHA256 hash: d1e47481b8775c11c7b4b42fd73c7fca614e16950581e892ea739def6cc9dcbb
MD5 hash: bd258202d84cb6cd398c38eb444d7c13
MIME type:application/octet-stream
Signature LummaStealer
File name:fil.pak
File size:521'550 bytes
SHA256 hash: af5917413713e97363a62aef1909cf7a800f031ca68bbf211cb243032a68b461
MD5 hash: 3a9fe4cb75cbf95a747e4a98e9a5134b
MIME type:application/octet-stream
Signature LummaStealer
File name:nb.pak
File size:453'377 bytes
SHA256 hash: 43fbabc2a7b4ab2dddd00fb511aafa241a9905af40409b7c3f54210b6152302f
MD5 hash: bd58803d4cd991cc7b562da68428867b
MIME type:application/octet-stream
Signature LummaStealer
File name:sv.pak
File size:455'531 bytes
SHA256 hash: 9ba97cf45ed07f4b8b3304c55bade120fd01f6ef0c2d7685765151c40b2b3acb
MD5 hash: bcaa22655669b60765b38521b21da875
MIME type:application/octet-stream
Signature LummaStealer
File name:am.pak
File size:729'626 bytes
SHA256 hash: ee3bcc0a396a18e14e6ac1b4f2310cd6118c7fa9a317e67e273d5e2b8ca01d6d
MD5 hash: bc4c700b7c415ad4c92e3bef4ae7c4a8
MIME type:application/octet-stream
Signature LummaStealer
File name:hi.pak
File size:1'105'235 bytes
SHA256 hash: eef6fc72fe85670200ca23656e69804d9d02d9ef3d0c1ccf7d129d71474ef400
MD5 hash: 248182b1fe577681f70dda64b046e120
MIME type:application/octet-stream
Signature LummaStealer
File name:tr.pak
File size:490'225 bytes
SHA256 hash: c85fc7d5f699150c5643702e694ba82f94f0e630730441223a214a9d9437242d
MD5 hash: 0b215cb173e45ca6b3c5b117380249c3
MIME type:application/octet-stream
Signature LummaStealer
File name:Installеr-x86.exe
Pumped file This file is pumped. MalwareBazaar has de-pumped it.
File size:873'463'813 bytes
SHA256 hash: ab487c73f6a3d4d7cea7777720127ebdbb5bf84f686cc59ece82b4e0dbaa27d5
MD5 hash: 10ecd0632a50e3a5673fc37635b162c8
De-pumped file size:84'992 bytes (Vs. original size of 873'463'813 bytes)
De-pumped SHA256 hash: f4e1b347860c30d0939c8cf9f459a7d5292f60d6a334c904f4da6fe89734524a
De-pumped MD5 hash: 3efdcc3ccd8b54ce3209bd3f4d28a443
MIME type:application/x-dosexec
Signature LummaStealer
File name:hr.pak
File size:501'986 bytes
SHA256 hash: 155a03a996003ae7cf7ba22894b0fa479f0fc6a04578baf6a888ff1b2e8473fd
MD5 hash: b556be50b983d7d62a8f44dcb24efea5
MIME type:application/octet-stream
Signature LummaStealer
File name:qtga.dll
File size:34'352 bytes
SHA256 hash: 4ba741a3f91d7e1ec3dedc4dac84743f5a7fdd1b1c1c6b3274550d29fd788826
MD5 hash: d145fc032964836a8e1a0982ef547cd3
MIME type:application/x-dosexec
Signature LummaStealer
File name:pt-BR.pak
File size:491'574 bytes
SHA256 hash: e2a95144584d124e754f20c743ea91ed31f96d375bd24df8b0df3c411c6e08b9
MD5 hash: fc5c376e32878058c7fb3dd691de3338
MIME type:application/octet-stream
Signature LummaStealer
File name:qwindowsvistastyle.dll
File size:146'480 bytes
SHA256 hash: d64a7728b032a2eb1a97c8acc1cb7e54c11ab5faa360fd3a8da0bc0aa199cf39
MD5 hash: 5b626b85cabf7b4b1f95f3815cdb875c
MIME type:application/x-dosexec
Signature LummaStealer
File name:bn.pak
File size:1'072'700 bytes
SHA256 hash: 9d9bd667d75539698c1e1febc4f0d9f37accca2cd0813314fde01df8d130a20a
MD5 hash: e5bfbba7a15e8d989257ab6f4cc65550
MIME type:application/octet-stream
Signature LummaStealer
File name:en-US.pak
File size:412'921 bytes
SHA256 hash: 2ba506930a8da5c3389d0616ada76630dd7f41d5cb8ee850f2406028f015d3db
MD5 hash: f70ea9666c4b2d503da8e0237c46eca8
MIME type:application/octet-stream
Signature LummaStealer
File name:th.pak
File size:966'907 bytes
SHA256 hash: 719d26daf93fb83bd66e97984cc907a55210e0cb0af3a226bec535451d38fdb7
MD5 hash: 3c92d82202b5169d4de9dcee45708772
MIME type:application/octet-stream
Signature LummaStealer
File name:es-419.pak
File size:497'346 bytes
SHA256 hash: 803dd9d993d27ee7ada530046f6933dc5eaf35af1e43cb678b1f82e41375c5a2
MD5 hash: 41a4b6343b952185a4fada57ee9fcbc9
MIME type:application/octet-stream
Signature LummaStealer
File name:zh-TW.pak
File size:415'117 bytes
SHA256 hash: b81e24415243f7470f714379363157f2bd7b2d22e203ec5966878ed4b68140d3
MD5 hash: ba9709f6d6363aa06a4838ac8344e262
MIME type:application/octet-stream
Signature LummaStealer
File name:da.pak
File size:469'361 bytes
SHA256 hash: dcf563b44cf1bce09dfb017a8e51da2e5653e834e312e7d9c3a868c4b90b5a7e
MD5 hash: 18300a43e13aa570e0ddad7205e4c528
MIME type:application/octet-stream
Signature LummaStealer
File name:avformat-60.dll
File size:2'484'880 bytes
SHA256 hash: 17e49a141502a26655cb3adec68c45ea19491e713eea13b1c3c35e458e77cc1d
MD5 hash: aaf5e285e8e8ed6a6e428b52728ed18e
MIME type:application/x-dosexec
Signature LummaStealer
File name:pt-PT.pak
File size:492'901 bytes
SHA256 hash: 98e2b6e8c3e67da3a2069040330461f0a4b6feb05c6d3981d07b748ac191182e
MD5 hash: c21418f325ad1b9d86b7957b41ecbeef
MIME type:application/octet-stream
Signature LummaStealer
File name:zh-CN.pak
File size:418'923 bytes
SHA256 hash: 331e9240251d1191c599b09230d7ca9f8b11e51e5d94ff8bd63108512c0ddc58
MD5 hash: 917ab791cb4d24be5f369956cd059e21
MIME type:application/octet-stream
Signature LummaStealer
File name:id.pak
File size:444'236 bytes
SHA256 hash: 3134fa4e6e3745d206aaff3d8b4fbc289ca29b687ef1d8f16ff22012efb3dfef
MD5 hash: e1038c2d0ea1eebfd9e25dae192a868d
MIME type:application/octet-stream
Signature LummaStealer
File name:qwbmp.dll
File size:32'816 bytes
SHA256 hash: 69021866bafeee56e2292aa7f372ec3a9a8c4c612c3f91e55a41b0fa9ba791bd
MD5 hash: fd62db2d489e060dad7ad2e3eef3b0b8
MIME type:application/x-dosexec
Signature LummaStealer
File name:hu.pak
File size:540'163 bytes
SHA256 hash: 2e6795aac09546926d93180082a3e4ef64b08a18ac513d79493ea8fa168e9cc4
MD5 hash: 10f85e5fede463e2486ed890a561bed5
MIME type:application/octet-stream
Signature LummaStealer
File name:avutil-58.dll
File size:1'112'208 bytes
SHA256 hash: a8da1bcec215e8b002c4f8da2ddbc340d93937c93c480cd30d42b1d506f77a7c
MD5 hash: 203009102eef773a714cf83515723b4f
MIME type:application/x-dosexec
Signature LummaStealer
File name:uk.pak
File size:837'618 bytes
SHA256 hash: dee2afb40fa3b7c6788b6d8e3a775953b9b0589a131841ad9b520f580cf92881
MD5 hash: 42f48e833a462cacf030bb0a0e9f9439
MIME type:application/octet-stream
Signature LummaStealer
File name:et.pak
File size:450'256 bytes
SHA256 hash: 7b301a55543e15c5255db083b7156a5cbb1bd7669c863376651e7c536a0d3c03
MD5 hash: 03aab03a3d067c79b8ad078af1aff9f6
MIME type:application/octet-stream
Signature LummaStealer
File name:vi.pak
File size:580'729 bytes
SHA256 hash: 8b98769b3b97df10ebed4f25a0b115f2e0b059e9adedebb96c444a71e2eadf17
MD5 hash: 844b68e44ccbaac773f36d442e59a339
MIME type:application/octet-stream
Signature LummaStealer
File name:cs.pak
File size:519'311 bytes
SHA256 hash: 6e6e158da321c3914399aabad1bb68f43d907e21c5568c182ac12539ed308672
MD5 hash: 2fa44a92c2e2304f8180f703e2363d2c
MIME type:application/octet-stream
Signature LummaStealer
File name:ta.pak
File size:1'242'551 bytes
SHA256 hash: 3683217dba2149b98f418cbe50920561c6dc7d702a85dda98efe8981da669585
MD5 hash: 984e4341b5b8077e4d0c76fdfd14785f
MIME type:application/octet-stream
Signature LummaStealer
File name:qopensslbackend.dll
File size:320'144 bytes
SHA256 hash: d78806f6c92310172e095240b112bc966c60c7a34eaaf3aac8497ba31e6cd95a
MD5 hash: 2ce461340c36cefe018d18bcfa0bc943
MIME type:application/x-dosexec
Signature LummaStealer
File name:avformat-61.dll
File size:2'364'976 bytes
SHA256 hash: 6c92331088a6d47b1ef020a0533ff5b381c2dbd494cc171da7091ec108f72dfd
MD5 hash: 85b3c13e018bc39f50e40a0328a37ac3
MIME type:application/x-dosexec
Signature LummaStealer
File name:qtwebengine_resources_200p.pak
File size:193'758 bytes
SHA256 hash: 70418cc40f2078d59972bfd5d182b1169beceec2a828a5b81cf6e77933adf6f4
MD5 hash: 09da93dd890313c6051e3eb31cab562e
MIME type:application/octet-stream
Signature LummaStealer
File name:qwindows.dll
File size:864'808 bytes
SHA256 hash: bd298ce2431b580d078a43b10f4942329b432be8a8580ccc4f7c9efc6b0bac78
MD5 hash: e5fdabb37d85289aebf765191dabd0a6
MIME type:application/x-dosexec
Signature LummaStealer
File name:v8_context_snapshot.bin
File size:626'313 bytes
SHA256 hash: 3202f8ca18e49da8be573afdfe3ada8b98b351f8c5f1ec08ee92e8f00cd8d9b2
MD5 hash: 38a09bcf4160f5b345942462b63c1c7e
MIME type:application/octet-stream
Signature LummaStealer
File name:msvcp150_2.dll
File size:195'888 bytes
SHA256 hash: 7c629aa475626a26d4f38832a513cef3bcb539fb5195ffd06682f31ec3a125a5
MD5 hash: d33d9ec1486e319526f893fd9b1d9c12
MIME type:application/x-dosexec
Signature LummaStealer
File name:sl.pak
File size:507'801 bytes
SHA256 hash: d56f8cc78078bc7904203c078425d7e5ca943509e6ccc87947eb866671e5be7a
MD5 hash: 790d7c9113c73b8a0274a1b5a43fd7cb
MIME type:application/octet-stream
Signature LummaStealer
File name:ca.pak
File size:504'464 bytes
SHA256 hash: beec5dbddc73c0d80faa6677298f002c52dad4991deb5f533da8f07cef775be2
MD5 hash: dd10c97f6c8153faec769dec63aeed67
MIME type:application/octet-stream
Signature LummaStealer
File name:Qt6Core.dll
File size:6'213'672 bytes
SHA256 hash: ef21323f9f78a6250a0f1217351bf3075ab40f6f48d4042750cad0154e711f92
MD5 hash: 2595c31dabbba4175eb9028ed9c019b9
MIME type:application/x-dosexec
Signature LummaStealer
File name:it.pak
File size:491'001 bytes
SHA256 hash: 6f1cd9d09ec1be6033bcb0c2efba08a961214f1d6d7a9844b88e7d612e7a1860
MD5 hash: 84030ab6437d9279b2e93a4e83ab5d56
MIME type:application/octet-stream
Signature LummaStealer
File name:qsvg.dll
File size:35'888 bytes
SHA256 hash: 9000ebb35f8745034d4b0b3e75e487b26f569f4f29e88331410754d4c1c655c6
MD5 hash: 0d0b1188275c9db73a69d0b3679279b2
MIME type:application/x-dosexec
Signature LummaStealer
File name:qtwebengine_resources.pak
File size:2'318'143 bytes
SHA256 hash: 7e9c3c381c6a1bf31b4fc75c68a9c2f30ca34d9999291ada1d3eaf0b79618d4a
MD5 hash: f249e5dd0eaf7ffbcc2843fccce85ef2
MIME type:application/octet-stream
Signature LummaStealer
File name:qico.dll
File size:42'544 bytes
SHA256 hash: 997645e67c1955e3c042e3da7764650d32d82621f35e51d38dec60fd0ef6fc50
MD5 hash: 9650ce605a168facb0e8e5c31afd20ea
MIME type:application/x-dosexec
Signature LummaStealer
File name:es.pak
File size:497'035 bytes
SHA256 hash: 97ed628a013d27736ab03547e5e68e25392e6b47d5b531d4fa8abbf1544a65c6
MD5 hash: 7d3755aa3480aa469e6172b451ebd0d4
MIME type:application/octet-stream
Signature LummaStealer
File name:qtiff.dll
File size:425'008 bytes
SHA256 hash: ba900ca6443f906533024c8d7107f1e6af0397350ed8bb70c7f8ffab0c08140a
MD5 hash: ecceaa7dc81da1321f4cdc4d4942529e
MIME type:application/x-dosexec
Signature LummaStealer
File name:gu.pak
File size:1'052'170 bytes
SHA256 hash: b558039d718858f3a15ceaf9c2ba5a89282bc5f6f15ede43a1e552fa458114ff
MD5 hash: e3074b687e6a6deb35bf1400caffb425
MIME type:application/octet-stream
Signature LummaStealer
File name:avdevice-61.dll
File size:82'992 bytes
SHA256 hash: 87a704b1aae504c3a9760ec9185f9e4a5b0071bb5cae276496c136302700cefb
MD5 hash: c6244b5d658fe2ab9f021b9d2d6d3507
MIME type:application/x-dosexec
Signature LummaStealer
File name:qgif.dll
File size:44'080 bytes
SHA256 hash: eff1d266c2bffb401929795de540f53e25741c807ad348bfff44277437adda4e
MD5 hash: 566082337f3d4e2762ba0748e358a882
MIME type:application/x-dosexec
Signature LummaStealer
File name:el.pak
File size:908'872 bytes
SHA256 hash: b5e5c07f0a8837eee32bdb0954c1bfd5ea48e069a7fb50a97610457bb2d96de8
MD5 hash: 800026f5d9237f49835886db2c53b295
MIME type:application/octet-stream
Signature LummaStealer
File name:avcodec-60.dll
File size:12'826'768 bytes
SHA256 hash: 639f445c807dfef8a42a5e1bc0b1a19f82fcf2523b46820c60465bd47d8e47a5
MD5 hash: 5c9a91c44c5646c0d7d2ee4cf990cb5f
MIME type:application/x-dosexec
Signature LummaStealer
File name:te.pak
File size:1'150'219 bytes
SHA256 hash: 294f64705018a555ef7d76f82dfd783fd81d2bcd99d521841be0f2d887e4d3b9
MD5 hash: ca628239fb9568e6badcdb848bf764de
MIME type:application/octet-stream
Signature LummaStealer
File name:ru.pak
File size:837'416 bytes
SHA256 hash: 2d4583e3bbe119224a4dbd80ece065a978890d294d0bc1f3948a10c33ea7f06d
MD5 hash: 7cde65967d57746972a785d73223a7f0
MIME type:application/octet-stream
Signature LummaStealer
File name:srt.dll
File size:681'000 bytes
SHA256 hash: 87d5d65399faef90676f9c5bc621683adbeab040967377f026f2dc73974e5462
MD5 hash: cd4fb9c8710d03056328bc5b817a7f34
MIME type:application/x-dosexec
Signature LummaStealer
File name:fa.pak
File size:739'800 bytes
SHA256 hash: 9915278c25a19420b400f28859c504e3f82fc8d44046d769e586d6b97deb44c0
MD5 hash: 4003031412d00fd89eb2700e6be45b66
MIME type:application/octet-stream
Signature LummaStealer
File name:sw.pak
File size:480'538 bytes
SHA256 hash: 8e37295c46adc0afe92ca7f4a1a2ed52a97e14423d11eb05e8a14b543493195b
MD5 hash: a76199fc5387610c34c10fe432de8ae6
MIME type:application/octet-stream
Signature LummaStealer
File name:mr.pak
File size:1'030'699 bytes
SHA256 hash: ec720a494da509c7f6d6581bf83a7194d20a4da8fd260c4cd5590399506fe89a
MD5 hash: 69217e4bad9444e0b36b9dec6d13587a
MIME type:application/octet-stream
Signature LummaStealer
File name:icudtl.dat
File size:10'717'392 bytes
SHA256 hash: f5170aa2b388d23bebf98784dd488a9bcb741470384a6a9a8d7a2638d768defb
MD5 hash: e0f1ad85c0933ecce2e003a2c59ae726
MIME type:application/octet-stream
Signature LummaStealer
File name:Qt6Network.dll
File size:1'485'360 bytes
SHA256 hash: f584fa60728a4dc478c84a2ad48628ccfd0749fe8986cfd42f652f7d2145ff17
MD5 hash: 58ac752338f8828efb85cee21c45e021
MIME type:application/x-dosexec
Signature LummaStealer
File name:qcertonlybackend.dll
File size:104'592 bytes
SHA256 hash: 9039e7af3cc64ff8d653b71f8bf9a90549ef5f35de6beed23cab336f4e3102fc
MD5 hash: 5240566cd1d97774f03c319606396659
MIME type:application/x-dosexec
Signature LummaStealer
File name:LICENSE.txt
File size:9'519 bytes
SHA256 hash: 7f6839a61ce892b79c6549e2dc5a81fdbd240a0b260f8881216b45b7fda8b45d
MD5 hash: 31c5a77b3c57c8c2e82b9541b00bcd5a
MIME type:text/plain
Signature LummaStealer
File name:qtwebengine_resources_100p.pak
File size:148'530 bytes
SHA256 hash: c471280e5c2b50d0089c069954c84b121a70a7c50a2865b061e6c5eda329e634
MD5 hash: 698db9c6537b8d9dec4869a11355af2a
MIME type:application/octet-stream
Signature LummaStealer
File name:qicns.dll
File size:51'248 bytes
SHA256 hash: a93e7ac94bf8154b7ef7504c840ed556fc4e7ca2c7f3f5e33301f01667e99424
MD5 hash: 803d704f0acaed851d3ac1dc4a96d7af
MIME type:application/x-dosexec
Signature LummaStealer
File name:lv.pak
File size:541'884 bytes
SHA256 hash: 624c7917250b498c2e643421212989b7dfaec944d06a5a0954568f8e9e90b0b2
MD5 hash: 84509c858c9da5347db91821960af8e8
MIME type:application/octet-stream
Signature LummaStealer
File name:sk.pak
File size:528'574 bytes
SHA256 hash: c7609346fc5d8cf34d3f6e6b5fe4366f6eac06731e14e6453b7820f02c21b635
MD5 hash: 097248216acaad35198b979dd2bee4fb
MIME type:application/octet-stream
Signature LummaStealer
File name:ro.pak
File size:512'395 bytes
SHA256 hash: f916fe52080eaccab979a8b527596e7196acde3aa90b1f836801d9f7b90df1fd
MD5 hash: 3f570679307286594588bcad66a13f8c
MIME type:application/octet-stream
Signature LummaStealer
File name:Qt6Xml.dll
File size:150'576 bytes
SHA256 hash: 0002f1bde3f752a95882e2df51d0b92e1a5ff57c39e28b217cc377ed11557158
MD5 hash: 683a61fd045b1bf8c94c2d6c92e633e1
MIME type:application/x-dosexec
Signature LummaStealer
File name:ml.pak
File size:1'255'507 bytes
SHA256 hash: c182a95c3b75b2bc5795bba0af6badcb2588ba2d84cd68925e75cf5ffc0168da
MD5 hash: 3f2d7238334e87c1dd28508ae42ce499
MIME type:application/octet-stream
Signature LummaStealer
File name:avfilter-10.dll
File size:6'815'792 bytes
SHA256 hash: 4c4d9195a9f55c77773e47b35aa15ea079876b36e845f5bfa9b5d2da5e699367
MD5 hash: 775de06135af15873e5e58126d26f087
MIME type:application/x-dosexec
Signature LummaStealer
File name:libcurl.dll
File size:588'848 bytes
SHA256 hash: 3e8c66f2d5b59a326ef986aeb85a97d0ebabb925788a70f4691d5c1a730b0283
MD5 hash: 64ff0368c834438d5c502d087c00a100
MIME type:application/x-dosexec
Signature LummaStealer
File name:w32-pthreads.dll
File size:64'048 bytes
SHA256 hash: 13db16bba86fb9d4d22301ca38764d6f412429e292f4976a7e482db0ef194930
MD5 hash: 112e669b44d78d1590a5f96c43452ca7
MIME type:application/x-dosexec
Signature LummaStealer
File name:lt.pak
File size:544'918 bytes
SHA256 hash: 0050421881174da761b3177082de0862eeb1f20165169eb057ee74fcbdf95eee
MD5 hash: 82c786051cc71dac807c37fca436a91e
MIME type:application/octet-stream
Signature LummaStealer
File name:qjpeg.dll
File size:562'728 bytes
SHA256 hash: dbbbfb881691e3942922a9e9388ba8a5dd49616b6bf3ea324f58f47cd7e7a689
MD5 hash: 8777030c192312025d5d493b951c1341
MIME type:application/x-dosexec
Signature LummaStealer
File name:ja.pak
File size:599'753 bytes
SHA256 hash: 87831c3227dad088afaf94a2dd03dc66fe14aee7c2e031c7b7798ff4b11b30d7
MD5 hash: 286a4d7ee7e011a524e8f4c70592d1ff
MIME type:application/octet-stream
Signature LummaStealer
File name:Qt6Svg.dll
File size:379'432 bytes
SHA256 hash: 8b24426b7feb067ad67767358e39de713804cfd1cea583214a8ab2ddcf50b306
MD5 hash: 6d2482a29e461d8c3dfba621733ed0b8
MIME type:application/x-dosexec
Signature LummaStealer
File name:swresample-5.dll
File size:132'656 bytes
SHA256 hash: 217404c6e2462afcfa6b03d03ccfae83106656ee4d3b3b52fa62db3eed643a63
MD5 hash: 12cd02a9f63567cd968c82211d2bda43
MIME type:application/x-dosexec
Signature LummaStealer
File name:libobs-d3d11.dll
File size:200'752 bytes
SHA256 hash: 4f66e09422fe0132a732cc46758e2e0a7b6b1aba6e4eeee96646e6847b4c9a16
MD5 hash: d8e3f9e930d7a5d68fd9ea125846ec28
MIME type:application/x-dosexec
Signature LummaStealer
File name:qminimal.dll
File size:53'808 bytes
SHA256 hash: 5d4d462147f1588bbd5dbd32889f51b621c217cb47b2f846876de87df116b66a
MD5 hash: 4ea45273097acf49a14316e4492ec03e
MIME type:application/x-dosexec
Signature LummaStealer
File name:nl.pak
File size:466'965 bytes
SHA256 hash: bf1b04e7fd896333e4e2ffbc411563d5de30e4c241e3f7e0c60548af1310bc1a
MD5 hash: a17f9d1ecc10a7da391a2fa71220e123
MIME type:application/octet-stream
Signature LummaStealer
Vendor Threat Intelligence
Gathering data
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:botnet_plaintext_c2
Author:cip
Description:Attempts to match at least some of the strings used in some botnet variants which use plaintext communication protocols.
Rule name:Detect_NSIS_Nullsoft_Installer
Author:Obscurity Labs LLC
Description:Detects NSIS installers by .ndata section + NSIS header string
Rule name:Sus_Obf_Enc_Spoof_Hide_PE
Author:XiAnzheng
Description:Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

LummaStealer

rar 8f588350c7e24e7e7deb4701f5698c027c5b0336eb16f9b2a014d3bfc53b790e

(this sample)
