MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aca862498dc80512772af2d41368322b102d3d34fbb7538436ec8881b17c217d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

LummaStealer

Vendor detections: 10

Intelligence 10 IOCs YARA 11 File information Comments

SHA256 hash:	aca862498dc80512772af2d41368322b102d3d34fbb7538436ec8881b17c217d
SHA3-384 hash:	aa55491e5e5990fd89bbedca3637b28efab600f2fe598ad3787de3a22f71b2a77f4480990215cf695edf8a7fbbd76aa3
SHA1 hash:	c0bf15476f50c9a0da046623247ef83c1245f901
MD5 hash:	305401380b16b0d17cb8ca76d6f44a6e
humanhash:	louisiana-bluebird-pip-fanta
File name:	SecuriteInfo.com.Win32.MalwareX-gen.58718828
Download:	download sample
Signature	LummaStealer Create hunting rule
File size:	919'040 bytes
First seen:	2025-08-18 14:16:52 UTC
Last seen:	2025-08-18 15:27:29 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	fe280cb08665ed8487b069570df19f66 (1 x LummaStealer)
ssdeep	24576:rlgf/1lz0Ql2OwkaG5Nkl2mR3YvQ2WXvt7bROQ:rlgfdlz0QwAVkl223H2WXvJROQ
TLSH	T1C8151282F5C180A3FD7214356579D32A853EFAB21F109EDB139857AACB606C1873276F
TrID	49.9% (.EXE) Win64 Executable (generic) (10522/11/4) 21.3% (.EXE) Win32 Executable (generic) (4504/4/1) 9.6% (.EXE) OS/2 Executable (generic) (2029/13) 9.5% (.EXE) Generic Win/DOS Executable (2002/3) 9.4% (.EXE) DOS Executable Generic (2000/1)
Magika	pebin
Reporter	SecuriteInfoCom
Tags:	exe LummaStealer

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

SecuriteInfo.com.Win32.MalwareX-gen.58718828

Verdict:

No threats detected

Analysis date:

2025-08-18 14:17:30 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/b4aebe08-eebc-466e-961e-b69c0df99f74

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/21964/

Detection(s):

SecuriteInfo.com.Win32.MalwareX-gen.58718828.UNOFFICIAL

Verdict:

Malicious

Score:

91.7%

Link:

https://cyber-fortress.com/docs/result/index.php?id=68a335e0c2f5296a1a282ed5

Tags:

cobalt xtreme shell sage

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a file in the %temp% directory

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

microsoft_visual_cc obfuscated packed packed packer_detected

Link:

https://www.filescan.io/uploads/68a335daba1f5bb1e60cf815/reports/66447c6f-91d0-47f1-9050-172fdcb99d3e/overview

Verdict:

Malicious

Labled as:

Lazy.Generic

Link:

https://www.hybrid-analysis.com/sample/aca862498dc80512772af2d41368322b102d3d34fbb7538436ec8881b17c217d

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/9e674b9d-1cd6-4072-8178-c3a144a51a52

Score:

100%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/aca862498dc80512772af2d41368322b102d3d34fbb7538436ec8881b17c217d

Verdict:

inconclusive

YARA:

4 match(es)

Tags:

Executable PE (Portable Executable) PE File Layout Win 32 Exe x86

Link:

https://app.malva.re/file/305401380b16b0d17cb8ca76d6f44a6e

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/aca862498dc80512772af2d41368322b102d3d34fbb7538436ec8881b17c217d/

Verdict:

Malicious

Threat:

VHO:Trojan.Win32.Injuke

Link:

https://tip.neiki.dev/file/aca862498dc80512772af2d41368322b102d3d34fbb7538436ec8881b17c217d

Threat name:

Win32.Trojan.Amadey

Status:

Malicious

First seen:

2025-08-18 12:37:27 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

29 of 38 (76.32%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=vsugesmnzacre5zk6lkbg2bsfmic2pju7o3vhbbw5seidml4ef6q._file

Result

Malware family:

n/a

Score:

3/10

Tags:

discovery

Link:

https://tria.ge/reports/250818-rlmhesvjs7/

Behaviour

System Location Discovery: System Language Discovery

Verdict:

Suspicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/e4722dd1-c2bc-4f5b-8930-ed9e3640f014

Unpacked files

SH256 hash:

aca862498dc80512772af2d41368322b102d3d34fbb7538436ec8881b17c217d

MD5 hash:

305401380b16b0d17cb8ca76d6f44a6e

SHA1 hash:

c0bf15476f50c9a0da046623247ef83c1245f901

Link:

https://www.unpac.me/results/693ffeb9-8384-47da-802c-a06c50ffc5a3/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/aca862498dc80512772af2d41368322b102d3d34fbb7538436ec8881b17c217d

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	cobalt_strike_tmp01925d3f Create hunting rule
Author:	The DFIR Report
Description:	files - file ~tmp01925d3f.exe
Reference:	https://thedfirreport.com

Rule name:	DebuggerCheck__API Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	DebuggerCheck__QueryInfo Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	golang_bin_JCorn_CSC846 Create hunting rule
Author:	Justin Cornwell
Description:	CSC-846 Golang detection ruleset

Rule name:	HeavensGate Create hunting rule
Author:	kevoreilly
Description:	Heaven's Gate: Switch from 32-bit to 64-mode

Rule name:	NET Create hunting rule
Author:	malware-lu

Rule name:	RIPEMD160_Constants Create hunting rule
Author:	phoul (@phoul)
Description:	Look for RIPEMD-160 constants

Rule name:	SHA1_Constants Create hunting rule
Author:	phoul (@phoul)
Description:	Look for SHA1 constants

Rule name:	Sus_Obf_Enc_Spoof_Hide_PE Create hunting rule
Author:	XiAnzheng
Description:	Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)