MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b404ee84e4b5100561bc108c58aedc06cae277cd220067dce59a3c1cc93a3ac1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

LummaStealer

Vendor detections: 10

Intelligence 10 IOCs YARA File information Comments

SHA256 hash:	b404ee84e4b5100561bc108c58aedc06cae277cd220067dce59a3c1cc93a3ac1
SHA3-384 hash:	f3308cf042ce7ea5c91b396b33f2f0e7a2c57829319da2046b6049dc5b3228f7568a18e11d65633d47b5ea4fb5b05304
SHA1 hash:	e0f3a15f086a3daab49242376dcd5c76a3888d20
MD5 hash:	123f90955530fdab49599f6bb8d40980
humanhash:	north-july-asparagus-grey
File name:	92.255.57_1.112.ps1
Download:	download sample
Signature	LummaStealer Create hunting rule
File size:	538'502 bytes
First seen:	2025-01-15 07:22:55 UTC
Last seen:	Never
File type:	ps1
MIME type:	text/plain
ssdeep	6144:eVe/8jH/fkbaAiHnVExoyZYwOiY1LBSUkf2jFgdIVgMbJN+5PVu1Zhn6w/lAVigH:eFwoW2h7dVI42CoeUJ2z6m20sFqwgY
Threatray	12 similar samples on MalwareBazaar
TLSH	T107B47D3240537C5F3B9A2ECEA4006EC00C5839A77618D154AE899276F2FD53B9E6D9FC
Magika	powershell
Reporter	JAMESWT_WT
Tags:	92-255-57-112 booking LummaStealer ps1 Spam-ITA

Intelligence

File Origin

# of uploads :

1

# of downloads :

93

Origin country :

IT

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.PowerShell.Obfus-9.UNOFFICIAL

Verdict:

Malicious

Score:

81.4%

Link:

https://cyber-fortress.com/docs/result/index.php?id=678762584487910100df2a0e

Tags:

virus

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

confuserex net obfuscated

Link:

https://www.filescan.io/uploads/678762613c232c0ddc8f549b/reports/d48a928e-05a0-48cf-8193-3199f902dc5b/overview

Verdict:

Suspicious

Labled as:

Trojan[Dropper]/Agent.a

Link:

https://www.hybrid-analysis.com/sample/b404ee84e4b5100561bc108c58aedc06cae277cd220067dce59a3c1cc93a3ac1

Result

Verdict:

UNKNOWN

Result

Threat name:

LummaC

Detection:

malicious

Classification:

troj.evad

Score:

96 / 100

Link:

https://www.joesandbox.com/analysis/1591629

Signature

AI detected suspicious sample

Antivirus detection for URL or domain

C2 URLs / IPs found in malware configuration

Found malware configuration

Injects a PE file into a foreign processes

LummaC encrypted strings found

Sample uses string decryption to hide its real strings

Suricata IDS alerts for network traffic

Writes to foreign memory regions

Yara detected LummaC Stealer

Behaviour

Behavior Graph:

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/b404ee84e4b5100561bc108c58aedc06cae277cd220067dce59a3c1cc93a3ac1

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/b404ee84e4b5100561bc108c58aedc06cae277cd220067dce59a3c1cc93a3ac1/

Threat name:

Script-PowerShell.Trojan.LummaStealer

Status:

Malicious

First seen:

2025-01-15 04:49:56 UTC

File Type:

Text

AV detection:

10 of 24 (41.67%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=wqco5bhewuiakyn4ccgfrlw4a3foe56neiagpxhfti6bzsj2hlaq._file

Verdict:

malicious

Label(s):

lummastealer

Similar samples:

229385fbe03dd8ab9489ee1f0f4a5916b89be800aa27b7d563b63080211235a9

276b08cdfcba38b36290db8a3162df343ba0f2bc3d3e48d22928ae61480b8183

2abcdd856020c9a5a7dcb9d73d2fb175a598fed6bc62b6dbabbb128ce658e17f

3e7395ddfc7e38e08e6be54e3ba7c9de2d7ea1a73c9926ab607c76f3031394f6

b6c22e7ae8a0058a9c51edd8941feac20f88a86a3db2038689161368bd802875

d5a861959e92c8a53a516c7438448396e7e433866488b01eba69354897ed5417

+ 2 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

5/10

Tags:

discovery execution

Link:

https://tria.ge/reports/250115-h7srwsvnew/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Command and Scripting Interpreter: PowerShell

System Location Discovery: System Language Discovery

Suspicious use of SetThreadContext

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/b404ee84e4b5100561bc108c58aedc06cae277cd220067dce59a3c1cc93a3ac1

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

ps1 b404ee84e4b5100561bc108c58aedc06cae277cd220067dce59a3c1cc93a3ac1

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/3399030/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample