MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 9ade8e2deac223a99974d5465bbb7e3e6ed95e6a2b085b60a6f808a47ce46b71. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
LummaStealer
Vendor detections: 4
| SHA256 hash: | 9ade8e2deac223a99974d5465bbb7e3e6ed95e6a2b085b60a6f808a47ce46b71 |
|---|---|
| SHA3-384 hash: | 18426312483aba355d976c7021b27c79b8641f55fbce7634aa4552f1b3d494bbc2ec57098d0dc62d72f57be8d30647f9 |
| SHA1 hash: | d2faa4c3dfcb9cc1f2ea4a666e9ee4b3beb10354 |
| MD5 hash: | cfd65841ffa4fe6938f6b4c42312faa0 |
| humanhash: | finch-thirteen-nine-kentucky |
| File name: | #𝓟𝓪$$𝓒Ō𝔻𝓮--2244--Set𝓤p_𝓓𝓸𝔀𝓷𝓵𝓪𝓸𝓭_32 𝟞𝟜𝕓𝕚!!!!!Latest.7z |
| Signature | LummaStealer |
| File size: | 9'120'449 bytes |
| First seen: | 2025-03-21 20:28:03 UTC |
| Last seen: | Never |
| File type: | 7z |
| MIME type: | application/x-7z-compressed |
| Note: | This file is a password protected archive. The password is: 2244 |
| ssdeep | 196608:EakJgFx7dA+ndxdTG92pFV0ipBgzcl3Vlj7dMLisjbgEeI10czjZg:7k4x7ddnd3TGIzKipvluesjcEejsjZg |
| TLSH | T15A9633809BE79AF975E44CCA0E7FD0528F721705E28D2B719F45BAAEC542121A58CFC3 |
| TrID | 57.1% (.7Z) 7-Zip compressed archive (v0.4) (8000/1) 42.8% (.7Z) 7-Zip compressed archive (gen) (6000/1) |
| Magika | sevenzip |
| Reporter | |
| Tags: | 7z AutoIT file-pumped LummaStealer pw-2244 |
iamaachum
https://edsflps2.pro/?=ijn&diu=886&sid=IUe => https://www.mediafire.com/file/v05m6iv863jayog/#%F0%9D%93%9F%F0%9D%93%AA$$%F0%9D%93%92%C5%8C%F0%9D%94%BB%F0%9D%93%AE--2244--Set%F0%9D%93%A4p_%F0%9D%93%93%F0%9D%93%B8%F0%9D%94%80%F0%9D%93%B7%F0%9D%93%B5%F0%9D%93%AA%F0%9D%93%B8%F0%9D%93%AD_32+%F0%9D%9F%9E%F0%9D%9F%9C%F0%9D%95%93%F0%9D%95%9A!!!!!Latest.zip/file
Intelligence
File Origin
ES
File Archive Information
This file archive contains 112 file(s), sorted by their relevance:
| File name: | Setup.exe |
|---|---|
| Pumped file | This file is pumped. MalwareBazaar has de-pumped it. |
| File size: | 524'287'994 bytes |
| SHA256 hash: | e6489e1a8258aeaec31f31f2e10af2d40474a7c79b38fdcf0dc69f141e6340b0 |
| MD5 hash: | bfd7391008735c40fb72274b4087f6b8 |
| De-pumped file size: | 125'440 bytes (Vs. original size of 524'287'994 bytes) |
| De-pumped SHA256 hash: | 1cdac5fa59e7b553287a86cb8330b4a2458494198437ef63eaf3bea95df45142 |
| De-pumped MD5 hash: | 8450e289b62990c034fe18c4abb437a7 |
| MIME type: | application/x-dosexec |
| Signature | LummaStealer |
| File name: | TurboActivate.dll |
|---|---|
| Pumped file | This file is pumped. MalwareBazaar has de-pumped it. |
| File size: | 1'161'012'330 bytes |
| SHA256 hash: | 02abfa9fe80b4ff15eda1fc38aaf8afd64459a110d91caf0849ba2f714e61f88 |
| MD5 hash: | ad0d433dc705398c571c917addf5c669 |
| De-pumped file size: | 1'116'160 bytes (Vs. original size of 1'161'012'330 bytes) |
| De-pumped SHA256 hash: | f0783ad4ef6966175ef799a6a29fd4f1fd3c1a25ccc0cfbab43bf75b2c034875 |
| De-pumped MD5 hash: | af81fa8ddc4efea8d5b38732ab16690a |
| MIME type: | application/x-dosexec |
| Signature | LummaStealer |
YARA Signatures
MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These rules are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are displayed.
| Rule name: | DebuggerCheck__API |
|---|---|
| Reference: | https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara |
| Rule name: | golang_bin_JCorn_CSC846 |
|---|---|
| Author: | Justin Cornwell |
| Description: | CSC-846 Golang detection ruleset |
| Rule name: | pe_detect_tls_callbacks |
|---|---|
| Rule name: | reverse_http |
|---|---|
| Author: | CD_R0M_ |
| Description: | Identify strings with http reversed (ptth) |
| Rule name: | RIPEMD160_Constants |
|---|---|
| Author: | phoul (@phoul) |
| Description: | Look for RIPEMD-160 constants |
| Rule name: | SHA1_Constants |
|---|---|
| Author: | phoul (@phoul) |
| Description: | Look for SHA1 constants |
| Rule name: | SHA512_Constants |
|---|---|
| Author: | phoul (@phoul) |
| Description: | Look for SHA384/SHA512 constants |
| Rule name: | Sus_Obf_Enc_Spoof_Hide_PE |
|---|---|
| Author: | XiAnzheng |
| Description: | Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP) |
| Rule name: | svg_attached_js_code |
|---|---|
| Author: | Anish Bogati |
| Description: | Detects suspicious SVG files with JS code and base 64 encoding |
| Rule name: | test_Malaysia |
|---|---|
| Author: | rectifyq |
| Description: | Detects file containing malaysia string |
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Web download
LummaStealer
7z 9ade8e2deac223a99974d5465bbb7e3e6ed95e6a2b085b60a6f808a47ce46b71 (this sample)