MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 be65d31bb279c4fa92c4afc57e528bc055d3f6cd0d310733d94053de887660a6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


LummaStealer


Vendor detections: 3


Intelligence 3 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: be65d31bb279c4fa92c4afc57e528bc055d3f6cd0d310733d94053de887660a6
SHA3-384 hash: 8ec0d8960461305c0cede1b9cd0b041485fafc6c42d7f8b77da6210e0f9e26a23c34d090ca62369adb34bd4d070580dd
SHA1 hash: 6e7f98d8441f5d366f402cf4951c150bb47cfbc7
MD5 hash: dac8381f27abc16ac0c5f2623e230eab
humanhash: undress-hawaii-quebec-connecticut
File name:inpixio_photo_cutter_v10.5.8105.27930_(x64)_pre-cracked.7z
Download: download sample
Signature LummaStealer
Create hunting rule
File size:15'156'627 bytes
First seen:2025-03-27 14:49:27 UTC
Last seen:Never
File type: 7z
MIME type:application/x-7z-compressed
Note:This file is a password protected archive. The password is: 5127
ssdeep 196608:EdrDK9uU54W2I1hvi0RnfrpdCEazQ7doL4kER+l9Z50w+KwuDVlUv0QnZAVGA/:EdrDUwI7fSD2M4BI9ZjvVla0EZAVP/
TLSH T187E6332AB0737AB0EF524020612D7E9E8B439380C4DCE9D5DCA15B69BA16F27D670737
TrID 57.1% (.7Z) 7-Zip compressed archive (v0.4) (8000/1)
42.8% (.7Z) 7-Zip compressed archive (gen) (6000/1)
Magika sevenzip
Reporter aachum
Tags:7z AutoIT file-pumped LummaStealer pw-5127


Avatar
iamaachum
https://media.pepescoin.cash/InPixio_Photo_Cutter_v10.5.8105.27930_%28x64%29_Pre-Cracked.zip?c=ABhc5WcvYwUA_YUCAEVTFwAMAAAAAAD8 => https://arch2.pepescoin.cash/request/media/0JaELtb20wspvy1PSYei7784/InPixio_Photo_Cutter_v10.5.8105.27930_(x64)_Pre-Cracked.zip

Intelligence

File Origin
# of uploads :
1
# of downloads :
90
Origin country :
ES ES
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name:appFile.exe
Pumped file This file is pumped. MalwareBazaar has de-pumped it.
File size:945'050'064 bytes
SHA256 hash: d4871b5f9b76510e05c44a214c7310dd97ca57dd80ced4839924c04b6716f071
MD5 hash: 949b55a713169141d2d3a699a7d85910
De-pumped file size:286'720 bytes (Vs. original size of 945'050'064 bytes)
De-pumped SHA256 hash: 5685df3f333aaafd3f168e85c4485cd543b067f8268f51d373cc21e6f8ba4625
De-pumped MD5 hash: 09a0876c0a1a9e8eb97018ac56909168
MIME type:application/x-dosexec
Signature LummaStealer
Vendor Threat Intelligence
Verdict:
Malicious
Score:
90.2%
Link:
https://cyber-fortress.com/docs/result/index.php?id=67e5721907a62b982d3e03e5
Tags:
autoit emotet
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/be65d31bb279c4fa92c4afc57e528bc055d3f6cd0d310733d94053de887660a6
Result
Verdict:
UNKNOWN
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/be65d31bb279c4fa92c4afc57e528bc055d3f6cd0d310733d94053de887660a6/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=xzs5gg5sphcpvewev7cx4uulybk5h5wnbuyqom6zibj55cdwmcta._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
discovery spyware stealer
Link:
https://tria.ge/reports/250327-s1k4kstzbx/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Drops file in Windows directory
Enumerates processes with tasklist
Checks installed software on the system
Checks computer location settings
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of local email clients
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Sus_Obf_Enc_Spoof_Hide_PE
Create hunting rule
Author:XiAnzheng
Description:Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

LummaStealer

7z be65d31bb279c4fa92c4afc57e528bc055d3f6cd0d310733d94053de887660a6

(this sample)

LummaStealer

Executable exe 5685df3f333aaafd3f168e85c4485cd543b067f8268f51d373cc21e6f8ba4625

  
Link
https://tria.ge/250327-rymzqatshs/behavioral1
  
Delivery method
Distributed via web download
  
Dropping
SHA256 5685df3f333aaafd3f168e85c4485cd543b067f8268f51d373cc21e6f8ba4625
  
Dropping
MD5 09a0876c0a1a9e8eb97018ac56909168
  
Dropping
SHA256 22ed924f01afc947618c29365ef37d09a8cb5a195bd7413b5902906be43b15fb
  
Dropping
MD5 32f5c95250fa0de1edde670984fa5c1a

Comments