MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 940021448f591b9362532c76b6750e3861f1236b01bf26e647a081996844c452. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: LummaStealer
Vendor detections: 3



SHA256 hash: 940021448f591b9362532c76b6750e3861f1236b01bf26e647a081996844c452
SHA3-384 hash: d680813959c53263583bbf163e1a2259e0767a4454117617a0748dd13b0f55b229a4fff781b5c9dd6c85b7285f2e66c0
SHA1 hash: 82a125dc9d3e53b986627d2bae6ac807b7b88686
MD5 hash: 925f12e1cd90e738528bda26e5e9fa9b
humanhash: pip-north-oranges-finch
File name: aomei_partition_assistant_v10.8.0_technician_winpe.7z
Signature: LummaStealer
File size: 16'299'763 bytes
First seen: 2025-04-12 00:16:07 UTC
Last seen: Never
File type: 7z
MIME type: application/x-7z-compressed
Note: This file is a password protected archive. The password is: 1491
ssdeep: 393216:yx4J6V+rnLujs3wvVG/ME9E6ZBaCgXP+JZgmfXfm6tgzc:y1grn6jMwve9pfaCqZmff8c
TLSH: T19DF6331903EB0F5AD546C4D75BC52D31EA166F230F6894EE3B742AEC9808817D4EAD3B
TrID: 57.1% (.7Z) 7-Zip compressed archive (v0.4) (8000/1)
      42.8% (.7Z) 7-Zip compressed archive (gen) (6000/1)
Magika: sevenzip
Reporter: aachum
Tags: 7z AutoIT file-pumped LummaStealer pw-1491


Comment by iamaachum:
https://media.builsitr.my/AOMEI_Partition_Assistant_v10.8.0_Technician_WinPE.zip?c=AEOv-WcvYwUA_YUCAEVTFwAMAAAAAAAk => https://arch2.builsitr.my/request/media/3Dc89G0a8IPgZGn7LKhlAtHG/AOMEI_Partition_Assistant_v10.8.0_Technician_WinPE.zip

Intelligence


File Origin
Number of uploads: 1
Number of downloads: 142
Origin country: ES
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name: aomei_partition_assistant_v10.8.0_technician_winpe.exe
Pumped file: This file is pumped. MalwareBazaar has de-pumped it.
File size: 943'001'482 bytes
SHA256 hash: 1778a1fd0d8f87a11f94bdc8baffc66710300ce26fbf2d3515144e55158eb8fc
MD5 hash: b8354d0e718765d75934c1749858f17b
De-pumped file size: 308'224 bytes (vs. original size of 943'001'482 bytes)
De-pumped SHA256 hash: 87216377023406780a70299069f9150c40ac20753e5f94b4e326ebdff9cac526
De-pumped MD5 hash: 17fac44461415765c8ec7cc6edfecefa
MIME type: application/x-dosexec
Signature: LummaStealer
Vendor Threat Intelligence
Verdict: Malicious
Score: 97.4%
Tags: autoit emotet
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Sus_Obf_Enc_Spoof_Hide_PE
Author: XiAnzheng
Description: Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique (can create FP)

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: LummaStealer
File type: 7z
SHA256 hash: 940021448f591b9362532c76b6750e3861f1236b01bf26e647a081996844c452 (this sample)

Comments