MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ae09ac122f409b47d00d8e8f1d98dfa134366e165fb3547debf1beddfe77d5ee. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



LummaStealer


Vendor detections: 12



SHA256 hash: ae09ac122f409b47d00d8e8f1d98dfa134366e165fb3547debf1beddfe77d5ee
SHA3-384 hash: 025e3b6fbd3e198722f0aae8fb93e0f397634dff9f04df99a048c237492d8b5ce161c393a3fdb14b94d7c1d47bdf868a
SHA1 hash: 83054bbe56a02233049bc5b22bd8a3ae5231f141
MD5 hash: 3c9782738f4c6d31f14ca2a2a9c0355d
humanhash: oxygen-coffee-salami-snake
File name: ww.vbs
Signature: LummaStealer
File size: 434 bytes
First seen: 2025-11-29 04:58:47 UTC
Last seen: Never
File type: Visual Basic Script (vbs)
MIME type: text/plain
ssdeep: 6:j+RwQ9vDzFsJgg2gAC3NqhLx0HGFGH/tCOBaiS0LSyjFaYZiXMvveAt/UC1AED:K3vDzEcCYhLGHMw/opjy4wiu1UlED
Threatray: 2 similar samples on MalwareBazaar
TLSH: T195E0AB14DD269297173215E5E04A8B06CED3E423202798257500DC059F2C8AD2A2C1F3
Magika: vba
Reporter: amznemu
Tags: LummaStealer vbs

Intelligence


File Origin
# of uploads: 1
# of downloads: 52
Origin country: ID
Vendor Threat Intelligence
No detections
Verdict:
Malicious
Score:
96.5%
Tags:
trojandownloader emotet extens virus
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
dropper
Verdict:
Malicious
File Type:
vbs
First seen:
2025-11-27T14:35:00Z UTC
Last seen:
2025-11-30T12:37:00Z UTC
Hits:
~100
Detections:
Trojan-PSW.Stealerc.HTTP.C&C Trojan-PSW.Lumma.TCP.C&C Trojan.Win32.Inject.sb Trojan.MSIL.Agent.sb Trojan-Downloader.JS.Cryptoload.sb HEUR:Trojan.Win64.Generic Trojan-Downloader.Agent.HTTP.C&C Trojan-PSW.Win32.Lumma.sb Trojan-Downloader.JS.SLoad.sb HEUR:Trojan-Downloader.Script.Generic PDM:Trojan.Win32.Generic VHO:Trojan.Win64.Kryptik.gen
Verdict:
Malware
YARA:
1 match(es)
Tags:
ADODB.Stream MSXML2.XMLHTTP VBScript WScript.Shell
Threat name:
Script-WScript.Trojan.Heuristic
Status:
Malicious
First seen:
2025-11-27 22:56:11 UTC
File Type:
Text (VBS)
AV detection:
11 of 38 (28.95%)
Threat level:
  2/5
Result
Malware family:
Score:
  10/10
Tags:
family:lumma discovery stealer
Behaviour
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Suspicious use of SetThreadContext
Checks computer location settings
Executes dropped EXE
Badlisted process makes network request
Downloads MZ/PE file
Lumma Stealer, LummaC
Lumma family
Malware Config
C2 Extraction:
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

LummaStealer

Visual Basic Script (vbs) vbs ae09ac122f409b47d00d8e8f1d98dfa134366e165fb3547debf1beddfe77d5ee

(this sample)
