MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 98096930546353bf9c8fdb90c189285a560bdbf3a1d0d6ee4eebc42c8b35ff43. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 7



SHA256 hash: 98096930546353bf9c8fdb90c189285a560bdbf3a1d0d6ee4eebc42c8b35ff43
SHA3-384 hash: f0ee092e7f838d9ebb25d1098352e745ab800ec82addd23a1104d1d5080aa6446fc1f09ee947a93b4270a52d158be9d6
SHA1 hash: 016fa1ccb023b92b3adb3c5aaee00468b9c19136
MD5 hash: 4bdd611a7ad3d92fd9f92ff7cb82cb26
humanhash: beer-illinois-eighteen-freddie
File name: beta222.zip
File size: 11'033'103 bytes
First seen: 2024-10-01 14:20:37 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 196608:DvYzWnQSzw1kXDp4PUWsAM7nIUssbrB42Qvro3sQbv1wqlfbr/BTpEG8M9bo9yDi:DvYzWHz00+sJssbrB42QvrKTvKqlf3/u
TLSH: T11FB61398C6C37EEAC638DE30E5867FB02250D825F832CA73572056DA6FE7624CE57056
Magika: zip
Reporter: aachum
Tags: file-pumped zip


Comment by iamaachum:
https://finalstepgetshere.com/uploads/beta222.zip

Lumma C2:
https://reinforcenh.shop/api
https://stogeneratmns.shop/api
https://fragnantbui.shop/api
https://drawzhotdog.shop/api
https://vozmeatillu.shop/api
https://offensivedzvju.shop/api
https://ghostreedmnu.shop/api
https://gutterydhowi.shop/api
https://pianoswimen.shop/api
https://gravvitywio.store/api

Intelligence

File Origin
# of uploads: 1
# of downloads: 329
Origin country: ES
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name: WinFIG.exe
Pumped file: This file is pumped. MalwareBazaar has de-pumped it.
File size: 798'598'146 bytes
SHA256 hash: 4304cf12a607df22c6bb588e79c597ca0e96e24dc020e84063224eb1c8fa61dd
MD5 hash: 40e7550688efdaea9445bceebecd88fa
De-pumped file size: 43'623'424 bytes (vs. original size of 798'598'146 bytes)
De-pumped SHA256 hash: a5bf292d725d416bee7c2e2005047031412456d41923ea33d6f0b75104452bcd
De-pumped MD5 hash: e3f27f540bf438fa2fa78ee320663e45
MIME type: application/x-dosexec
Vendor Threat Intelligence

Verdict: Malicious
Score: 94.9%
Tags: Powershell Autoit Emotet Gumen

Result
Verdict: Malicious
File Type: ZIP File - Malicious

Behaviour
SuspiciousEmbeddedObjects detected
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: golang large-file overlay

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download
  zip 98096930546353bf9c8fdb90c189285a560bdbf3a1d0d6ee4eebc42c8b35ff43 (this sample)

Delivery method: Distributed via web download

Comments