MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cb82590b5eb2080053bfd952077826095a4be4b0fec995027c1615e21d4229d2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

LummaStealer

Vendor detections: 7

Intelligence 7 IOCs YARA 61 File information Comments

SHA256 hash:	cb82590b5eb2080053bfd952077826095a4be4b0fec995027c1615e21d4229d2
SHA3-384 hash:	15b64e8ff54d6d888ee2c167b104f979401876061936aa0d6cba75e82f1b1e09332ef66bba26bdc2f11f6892c9dbe2c2
SHA1 hash:	d26852a0b5a5b2667cdb35fd5619da14706556b4
MD5 hash:	64d19e5e5f1c8168659ba0b6378aaee8
humanhash:	zulu-earth-uncle-echo
File name:	SETUP.zip
Download:	download sample
Signature	LummaStealer Create hunting rule
File size:	8'763'565 bytes
First seen:	2025-09-06 17:23:23 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	196608:2jfGcyGoo2k4oSEauO6r7iOU4tA6415beuHruvt8MeOdlBO:2TxS+bXhviO3tabxHKv5Ro
TLSH	T194963311F43033A6DC59CAB029F01AA863E51D7603375AD0137B36AFEBABF6D5B64520
Magika	zip
Reporter	aachum
Tags:	file-pumped LummaStealer zip

iamaachum

https://iesgjkvlks.online/?n1tLjmA-utm=17ZYiQ => https://www.mediafire.com/file/inlhrikni74v902/%C2%ABYursFileReady_PassW%C3%96rdI%C5%9C__%C2%AB%C2%AB2234%C2%BB%C2%BB__%C2%BB!.zip/file

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

File Archive Information

This file archive contains 32 file(s), sorted by their relevance:

File name:	MSVCP140.dll
File size:	436'600 bytes
SHA256 hash:	51398691feef7ae0a876b523aec47c4a06d9a1ee62f1a0aee27de6d6191c68ad
MD5 hash:	8ff1898897f3f4391803c7253366a87b
MIME type:	application/x-dosexec
Signature	LummaStealer

File name:	api-ms-win-core-synch-l1-2-0.dll
File size:	18'384 bytes
SHA256 hash:	9ac63682e03d55a5d18405d336634af080dd0003b565d12a39d6d71aaa989f48
MD5 hash:	659e4febc208545a2e23c0c8b881a30d
MIME type:	application/x-dosexec
Signature	LummaStealer

File name:	api-ms-win-core-timezone-l1-1-0.dll
File size:	18'384 bytes
SHA256 hash:	a108a8f20ded00e742a1f818ef00eb425990b6b24a2bcd060dea4d7f06d3f165
MD5 hash:	69df2cce4528c9e38d04a461ba1f992b
MIME type:	application/x-dosexec
Signature	LummaStealer

File name:	api-ms-win-core-profile-l1-1-0.dll
File size:	17'360 bytes
SHA256 hash:	d00a0edace14715bf79dbd17b715d8a74a2300f0adb1f3fc137edfb7074c9b0a
MD5 hash:	6ee66dca31c5cce57740d677c85b4ce7
MIME type:	application/x-dosexec
Signature	LummaStealer

File name:	api-ms-win-crt-process-l1-1-0.dll
File size:	18'896 bytes
SHA256 hash:	542a22540cdb7df46d957a0208d50507916f7c737bea833931239d56ebe8d68c
MD5 hash:	66f4e530a19ed2f6862b5ce946437875
MIME type:	application/x-dosexec
Signature	LummaStealer

File name:	NvStWiz.prx
File size:	442'680 bytes
SHA256 hash:	c2ad5bd189df04b39be18dec5cd251cf79b066010706ad26d99df7e49fd07762
MD5 hash:	9e82e3b658393bed3f7e4f090df1fbe7
MIME type:	application/x-dosexec
Signature	LummaStealer

File name:	libcrypto-1_1.dll
File size:	1'668'848 bytes
SHA256 hash:	1c53636c057477792d6accc5431aae32e85225584c5bfb5ff609a8457b8a71df
MD5 hash:	946f1c3326fc61c0d3c9f92b1c1d5f2d
MIME type:	application/x-dosexec
Signature	ACRStealer

File name:	tradingnetworkingsockets.dll
File size:	4'249'928 bytes
SHA256 hash:	fc4a65ff603bf1f4bfe323de1866145ae1e006aa656799fd134dfa63d92d47c1
MD5 hash:	3cf26ce759c5e261fe3ecc6451b8b08e
MIME type:	application/x-dosexec
Signature	LummaStealer

File name:	api-ms-win-crt-private-l1-1-0.dll
File size:	70'608 bytes
SHA256 hash:	696c10112d8b86a46e5057cbd0bf40728e79c6bb49cda1f2c67fe45d0fc1258d
MD5 hash:	ad8d9a6ea592a6c8a78c67a805cec952
MIME type:	application/x-dosexec
Signature	LummaStealer

File name:	api-ms-win-crt-heap-l1-1-0.dll
File size:	18'896 bytes
SHA256 hash:	0166edfb23cfc77519c97862a538a69b5d805d6a17d6e235f46927af5c04b3c9
MD5 hash:	9c373c00ac3138233bdf1655c7be8e86
MIME type:	application/x-dosexec
Signature	LummaStealer

File name:	api-ms-win-core-util-l1-1-0.dll
File size:	17'872 bytes
SHA256 hash:	68bd9c086d210eb14e78f00988ba88ceaf9056c8f10746ab024990f8512a2296
MD5 hash:	c6553959aecd5bac01c0673cfdf86b68
MIME type:	application/x-dosexec
Signature	LummaStealer

File name:	api-ms-win-core-synch-l1-1-0.dll
File size:	19'920 bytes
SHA256 hash:	8bb38a7a59fbaa792b3d5f34f94580429588c8c592929cbd307afd5579762abc
MD5 hash:	979c67ba244e5328a1a2e588ff748e86
MIME type:	application/x-dosexec
Signature	LummaStealer

File name:	VCRUNTIME140.dll
File size:	76'168 bytes
SHA256 hash:	9faeaa45e8cc986af56f28350b38238b03c01c355e9564b849604b8d690919c5
MD5 hash:	1a84957b6e681fca057160cd04e26b27
MIME type:	application/x-dosexec
Signature	LummaStealer

File name:	api-ms-win-crt-math-l1-1-0.dll
File size:	27'088 bytes
SHA256 hash:	c7115159babdaa1f52e478e67b4e612da2332fda4e4036999b29425fe303b6e8
MD5 hash:	bc418a3461c5fdfa1a0d75f7e03d08a7
MIME type:	application/x-dosexec
Signature	LummaStealer

File name:	api-ms-win-core-rtlsupport-l1-1-0.dll
File size:	18'384 bytes
SHA256 hash:	d11093fdc1d5c9213b9b2886ce91db3ded17ef8dae1615a8c7ffbc55b8e3f79b
MD5 hash:	0069fd29263c0dd90314c48bbce852ef
MIME type:	application/x-dosexec
Signature	LummaStealer

File name:	api-ms-win-crt-filesystem-l1-1-0.dll
File size:	19'920 bytes
SHA256 hash:	85b1b189ce9e3c6f4d2efdd4cd82b0807f681bea2d28851caaf545990de99000
MD5 hash:	14f407d94c77b1b0039ae2c89b07a2ff
MIME type:	application/x-dosexec
Signature	LummaStealer

File name:	trading_api64.dll
File size:	289'568 bytes
SHA256 hash:	f1eb582e607a1e43cdb1654bfb7cb29ad46f6728b3fb89a14f7727e0e8daab69
MD5 hash:	2bca4e2c047ec969cb3cff277e7fc184
MIME type:	application/x-dosexec
Signature	LummaStealer

File name:	api-ms-win-core-sysinfo-l1-1-0.dll
File size:	18'896 bytes
SHA256 hash:	1fe918979f1653d63bb713d4716910d192cd09f50017a6ecb4ce026ed6285df9
MD5 hash:	cef4b9f680faae322170b961a3421c5b
MIME type:	application/x-dosexec
Signature	LummaStealer

File name:	Jieol.iawl
File size:	29'237 bytes
SHA256 hash:	a2debf9dd6016a6ad5dc2b64a2457917347eda433af2128043db271788e57d0c
MD5 hash:	5cdfa2f940f0e3f0b4a3153d437292ec
MIME type:	application/octet-stream
Signature	LummaStealer

File name:	api-ms-win-crt-conio-l1-1-0.dll
File size:	18'896 bytes
SHA256 hash:	4aeeae0ac9f6c1b0b8835067ea3b7fc429f353565f18de7858f4ea5d6f72072e
MD5 hash:	7190cbfad2d7773d3b88ccc25533a651
MIME type:	application/x-dosexec
Signature	LummaStealer

File name:	api-ms-win-core-processthreads-l1-1-1.dll
File size:	18'384 bytes
SHA256 hash:	e5ea2c21fb225090f7d0db6c6990d67b1558d8e834e86513bc8ba7a43c4e7b36
MD5 hash:	29001f316ccfc800e2246743df9b15b3
MIME type:	application/x-dosexec
Signature	LummaStealer

File name:	Vadsteed.pxn
File size:	1'590'674 bytes
SHA256 hash:	3842555c7413ccb742f37016c1ac1e7a02ab029e74fae1b4fc5f2ad23fd5bdf5
MD5 hash:	d8097e81bdd90d33901063ff4bf8cd26
MIME type:	application/octet-stream
Signature	LummaStealer

File name:	api-ms-win-crt-convert-l1-1-0.dll
File size:	21'968 bytes
SHA256 hash:	77b69e829bdc26c7b2474be6b8a2382345b2957e23046897e40992a8157a7ba1
MD5 hash:	3e415147ccd7c712618868bdd7a200cd
MIME type:	application/x-dosexec
Signature	LummaStealer

File name:	ks_tyres.ini
File size:	10'077 bytes
SHA256 hash:	894d3c57598ecb22c769cc3ea8219859a95e22740e72394a474012ea2119b3d9
MD5 hash:	47f6571c7884da6c743551ac724186d4
MIME type:	text/plain
Signature	LummaStealer

File name:	libssl-1_1.dll
File size:	470'016 bytes
SHA256 hash:	faaf83957839aa2df72149086d1eaa7e7242671244462a744aa8e9dc4e88b8b6
MD5 hash:	cde1b5dad28abcd8b6771c298bf6e114
MIME type:	application/x-dosexec
Signature	LummaStealer

File name:	api-ms-win-crt-locale-l1-1-0.dll
File size:	18'384 bytes
SHA256 hash:	f16447b5fc7fe6fb8a6699a3cef1b2b8ba92d408579bcc272d3dd76acd801e2a
MD5 hash:	c5d747f96237b6e9aa85c58745d30c80
MIME type:	application/x-dosexec
Signature	LummaStealer

File name:	api-ms-win-crt-environment-l1-1-0.dll
File size:	18'384 bytes
SHA256 hash:	6c9c0dc7b36afe07dfb07dd373fc757ff25df4793e6384d7a6021471a474f0b9
MD5 hash:	ad0cbb9978fcf60d9e9ca45de6a28d30
MIME type:	application/x-dosexec
Signature	LummaStealer

File name:	Up.dll
File size:	603'376 bytes
SHA256 hash:	57972c5ce575ea09835212dba27791f33b8f07980bba69393d75b1cc20d58a6c
MD5 hash:	14bf5d3b181d00eaa72e0fe4a3c4d138
MIME type:	application/x-dosexec
Signature	LummaStealer

File name:	mfc140u.dll
File size:	5'127'088 bytes
SHA256 hash:	e422c9366a53536a35e307ef301f08661c28c29b7fcda1b454333c6a41c6bb21
MD5 hash:	e76b52d11db435d36453d26c8b446a8f
MIME type:	application/x-dosexec
Signature	LummaStealer

File name:	api-ms-win-core-string-l1-1-0.dll
File size:	17'872 bytes
SHA256 hash:	3807db7acf1b40c797e4d4c14a12c3806346ae56b25e205e600be3e635c18d4f
MD5 hash:	2e5c29fc652f432b89a1afe187736c4d
MIME type:	application/x-dosexec
Signature	LummaStealer

File name:	api-ms-win-crt-multibyte-l1-1-0.dll
File size:	26'064 bytes
SHA256 hash:	c6b4e1d903b3cc83bfaffbe4e82eee634cff8f97f12217caa45b464ddc4e1455
MD5 hash:	9e9c6f83a015029808f5257f7b7e39c6
MIME type:	application/x-dosexec
Signature	LummaStealer

File name:	Setup.exe
Pumped file	This file is pumped. MalwareBazaar has de-pumped it.
File size:	132'678'033 bytes
SHA256 hash:	070e9f96615205437ab65e2b926a18fd75475036e8d216175b5811e854f6a64a
MD5 hash:	9305171478c5538bcd228a0f68fc881f
De-pumped file size:	1'592'320 bytes (Vs. original size of 132'678'033 bytes)
De-pumped SHA256 hash:	34a2697f63fe5c7752c039edbc7acae72858be60ff3e13b0109872bca01f4809
De-pumped MD5 hash:	9104643dce465ba6a878f9e0431f6fec
MIME type:	application/x-dosexec
Signature	LummaStealer

Vendor Threat Intelligence

Verdict:

Malicious

Score:

90.2%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6886e1210b4775fb21327393

Tags:

injection dropper virus

Gathering data

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/cb82590b5eb2080053bfd952077826095a4be4b0fec995027c1615e21d4229d2

Result

Verdict:

MALICIOUS

Link:

https://labs.inquest.net/dfi/sha256/cb82590b5eb2080053bfd952077826095a4be4b0fec995027c1615e21d4229d2

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Malicious

File Type:

zip

First seen:

2025-09-06T21:06:00Z UTC

Last seen:

2025-09-06T21:06:00Z UTC

Hits:

~10

Link:

https://opentip.kaspersky.com/cb82590b5eb2080053bfd952077826095a4be4b0fec995027c1615e21d4229d2/results?tab=lookup

Score:

10%

Verdict:

Benign

File Type:

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	BLOWFISH_Constants Create hunting rule
Author:	phoul (@phoul)
Description:	Look for Blowfish constants

Rule name:	botnet_plaintext_c2 Create hunting rule
Author:	cip
Description:	Attempts to match at least some of the strings used in some botnet variants which use plaintext communication protocols.

Rule name:	Check_OutputDebugStringA_iat Create hunting rule

Rule name:	cobalt_strike_tmp01925d3f Create hunting rule
Author:	The DFIR Report
Description:	files - file ~tmp01925d3f.exe
Reference:	https://thedfirreport.com

Rule name:	command_and_control Create hunting rule
Author:	CD_R0M_
Description:	This rule searches for common strings found by malware using C2. Based on a sample used by a Ransomware group

Rule name:	CP_AllMal_Detector Create hunting rule
Author:	DiegoAnalytics
Description:	CrossPlatform All Malwares Detector: Detect PE, ELF, Mach-O, scripts, archives; overlay, obfuscation, encryption, spoofing, hiding, high entropy, network communication

Rule name:	CP_Script_Inject_Detector Create hunting rule
Author:	DiegoAnalytics
Description:	Detects attempts to inject code into another process across PE, ELF, Mach-O binaries

Rule name:	DebuggerCheck__API Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	DebuggerException__SetConsoleCtrl Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	DetectEncryptedVariants Create hunting rule
Author:	Zinyth
Description:	Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded

Rule name:	DetectGoMethodSignatures Create hunting rule
Author:	Wyatt Tauber
Description:	Detects Go method signatures in unpacked Go binaries

Rule name:	Detect_Golang_Binary Create hunting rule
Author:	Andrew Morrow
Description:	Detects binaries compiled with Go

Rule name:	GoBinTest Create hunting rule

Rule name:	golang Create hunting rule

Rule name:	Golangmalware Create hunting rule
Author:	Dhanunjaya
Description:	Malware in Golang

Rule name:	golang_binary_string Create hunting rule
Description:	Golang strings present

Rule name:	golang_bin_JCorn_CSC846 Create hunting rule
Author:	Justin Cornwell
Description:	CSC-846 Golang detection ruleset

Rule name:	HiveRansomware Create hunting rule
Author:	Dhanunjaya
Description:	Yara Rule To Detect Hive V4 Ransomware

Rule name:	identity_golang Create hunting rule
Author:	Eric Yocam
Description:	find Golang malware

Rule name:	INDICATOR_KB_CERT_62e745e92165213c971f5c490aea12a5 Create hunting rule
Author:	ditekSHen
Description:	Detects executables signed with stolen, revoked or invalid certificates

Rule name:	MD5_Constants Create hunting rule
Author:	phoul (@phoul)
Description:	Look for MD5 constants

Rule name:	pe_detect_tls_callbacks Create hunting rule

Rule name:	PE_Digital_Certificate Create hunting rule
Author:	albertzsigovits

Rule name:	pe_no_import_table Create hunting rule
Description:	Detect pe file that no import table

Rule name:	ProgramLanguage_Golang Create hunting rule
Author:	albertzsigovits
Description:	Application written in Golang programming language

Rule name:	RANSOMWARE Create hunting rule
Author:	ToroGuitar

Rule name:	RIPEMD160_Constants Create hunting rule
Author:	phoul (@phoul)
Description:	Look for RIPEMD-160 constants

Rule name:	SEH__vectored Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	SHA1_Constants Create hunting rule
Author:	phoul (@phoul)
Description:	Look for SHA1 constants

Rule name:	SHA512_Constants Create hunting rule
Author:	phoul (@phoul)
Description:	Look for SHA384/SHA512 constants

Rule name:	Sus_Obf_Enc_Spoof_Hide_PE Create hunting rule
Author:	XiAnzheng
Description:	Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)

Rule name:	ThreadControl__Context Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	upxHook Create hunting rule
Author:	@r3dbU7z
Description:	Detect artifacts from 'upxHook' - modification of UPX packer
Reference:	https://bazaar.abuse.ch/sample/6352be8aa5d8063673aa428c3807228c40505004320232a23d99ebd9ef48478a/