MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 946583a0803167de24c7c0d768fe49546108e43500a1c2c838e7e0560addc818. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash:	946583a0803167de24c7c0d768fe49546108e43500a1c2c838e7e0560addc818
SHA3-384 hash:	43e8913fdd8d218050c9dd2cd0296fe4122d98348e6610e2f9c394f6a31060cdb779cfaa1f5250aed40386da954f9921
SHA1 hash:	f1f661f00b19007a5355a982677761e5cf14a2c4
MD5 hash:	700a9938d0fcff91df12cbefe7435c88
humanhash:	ten-magazine-beer-jupiter
File name:	700a9938d0fcff91df12cbefe7435c88
Download:	download sample
Signature	LummaStealer Alert Create hunting rule
File size:	459'264 bytes
First seen:	2023-12-22 05:33:26 UTC
Last seen:	2024-01-08 20:15:40 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	7894ebd869f40ac69e6712adb71cda3c (1 x LummaStealer)
ssdeep	6144:btb2kbTOXb1JSqar6LNzVLReCCOQ6j4zu+jf6U5peQRVOm+T:MaTOqq+6LNzjwxPfhCQRVOmW
Threatray	109 similar samples on MalwareBazaar
TLSH	T17FA47D4392A27D46E92ECB729E2FC6E8761DF6518E4A37663139EE7F00B1072D163710
TrID	46.6% (.CPL) Windows Control Panel Item (generic) (57583/11/19) 25.2% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 8.5% (.EXE) Win64 Executable (generic) (10523/12/4) 5.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 4.0% (.EXE) Win16 NE executable (generic) (5038/12/1)
File icon (PE):
dhash icon	080828480e030200 (1 x LummaStealer)
Reporter	zbetcheckin
Tags:	32 exe LummaStealer

Intelligence

---

File Origin

# of uploads :

4

# of downloads :

451

Origin country :

FR

Vendor Threat Intelligence

ANY.RUN smoke

Malware family:

n/a

ID:

1

File name:

WEXTRACT.EXE

Verdict:

Malicious activity

Analysis date:

2023-12-15 19:13:02 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/da0f2e1d-07fa-4461-913d-a759e53820f4

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

CAPE Sandbox

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/468913/

ClamAV Detected

Detection(s):

Win.Packer.pkr_ce1a-9980177-0

Alert

Create hunting rule

Win.Packed.Stealerc-10017072-0

Alert

Create hunting rule

FileScan.IO Malicious

Verdict:

Malicious

Threat level:

  10/10

Confidence:

100%

Tags:

azorult packed smokeloader

Link:

https://www.filescan.io/uploads/65851fccb4e856b72823214f/reports/c8b56004-7049-470d-8343-f0eef450fb09/overview

Hybrid Analysis Malware

Verdict:

Malicious

Labled as:

Malware

Link:

https://www.hybrid-analysis.com/sample/946583a0803167de24c7c0d768fe49546108e43500a1c2c838e7e0560addc818

InQuest MALICIOUS

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Intezer Generic Malware

Malware family:

Generic Malware

Alert

Create hunting rule

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/58b7e595-1474-41c0-b0d1-df5436d0116b

Joe Sandbox LummaC Stealer

Result

Threat name:

LummaC Stealer

Alert

Create hunting rule

Detection:

malicious

Classification:

troj.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/1365957

Signature

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

C2 URLs / IPs found in malware configuration

Detected unpacking (changes PE section rights)

Detected unpacking (overwrites its own PE header)

Found evasive API chain (may stop execution after checking computer name)

Found malware configuration

Machine Learning detection for sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic

Yara detected LummaC Stealer

Behaviour

Behavior Graph:

Download SVG

Nucleon Malprob Malware

Score:

100%

Verdict:

Malware

File Type:

PE

Link:

https://malprob.io/report/946583a0803167de24c7c0d768fe49546108e43500a1c2c838e7e0560addc818

CERT.PL MWDB

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/946583a0803167de24c7c0d768fe49546108e43500a1c2c838e7e0560addc818/

ReversingLabs TitaniumCloud Win32.Spyware.Lummastealer

Threat name:

Win32.Spyware.Lummastealer

Alert

Create hunting rule

Status:

Malicious

First seen:

2023-12-13 01:48:13 UTC

File Type:

PE (Exe)

Extracted files:

64

AV detection:

31 of 37 (83.78%)

Threat level:

  2/5

Spamhaus Hash Blocklist

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=srsyhieagft54jghydlwr7sjkrqqrzbvacq4fsby47qfmcw5zama._file

Threatray malicious

Verdict:

malicious

Similar samples:

01497dea122f92d36b4e0ae4eade31511b2db302e6f7f87a695e817065834281

LummaStealer

486271a3873f946e14f5662e2498d75c29323402c778bdf6ce0905b37619fc3a

LummaStealer

60b2187fb7db90cc596f9ab3eb852ef99e5d8a53467b552440282d02df5b18b2

LummaStealer

7d43625f6587b6539d7bc6037dcb8b0eb317a035c5deb69f79e307afa4ac4d45

LummaStealer

7da7d8176b9c386e2102b47341b29817c3ac5f2fb4f27a26ec70b3a00c900019

LummaStealer

82bf998ee07f0549a68b9904d760f7b0fd47ee68f08a59a26de171b6dc8ea3db

LummaStealer

aab601c71cc06d2fb8a80bc4884640bcdcca0bd1787598afd1a82fa4de0200f7

LummaStealer

d6244b83dddedd43c8142ac789abf28a9ae82d8decbc029cb2c22894134cd264

LummaStealer

fc1af115d47f4f6f00b3c2a06c64b4b580b76a16f8e1c122670ced300f4abf57

LummaStealer

+ 99 additional samples on MalwareBazaar

Hatching Triage lumma

Result

Malware family:

lumma

Alert

Create hunting rule

Score:

  10/10

Tags:

family:lumma stealer

Link:

https://tria.ge/reports/231222-f9expsbfb8/

Behaviour

Program crash

Detect Lumma Stealer payload V4

Lumma Stealer

UnpacMe win_lumma_a0

Unpacked files

SH256 hash:

0927d1280a2437ed7899853b5d15278d9e856d6c7f919696dd05fa6b8ebe3d67

MD5 hash:

62ddaa8ff43b6633c5b1a9a5bd9500ff

SHA1 hash:

164db811d572e78ecfd80d3b6c16833102342c56

Detections:

win_lumma_a0

Alert

Create hunting rule

Link:

https://www.unpac.me/results/6090f57c-a096-4d35-8ec8-68629360c5f8/

SH256 hash:

946583a0803167de24c7c0d768fe49546108e43500a1c2c838e7e0560addc818

MD5 hash:

700a9938d0fcff91df12cbefe7435c88

SHA1 hash:

f1f661f00b19007a5355a982677761e5cf14a2c4

Link:

https://www.unpac.me/results/6090f57c-a096-4d35-8ec8-68629360c5f8/

VirusTotal

Please note that we are no longer able to provide a coverage score for Virus Total.

YOROI YOMI Malicious File

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/946583a0803167de24c7c0d768fe49546108e43500a1c2c838e7e0560addc818

File information

---

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

LummaStealer

exe 946583a0803167de24c7c0d768fe49546108e43500a1c2c838e7e0560addc818

(this sample)

  

Delivery method

Distributed via web download

  

URLhaus

https://urlhaus.abuse.ch/url/2743435/

Cape

https://www.capesandbox.com/analysis/468913/

Comments

---

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

zbet commented on 2023-12-22 05:33:27 UTC

url : hxxp://77.91.124.172/files/lumtru.exe