MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cc13ba3fd9f04aaf577f3668569ed413d031efd787ec2839fd3739ab0319ecdf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 15


Intelligence 15 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cc13ba3fd9f04aaf577f3668569ed413d031efd787ec2839fd3739ab0319ecdf
SHA3-384 hash: c3fcf4276570affcce4a6f9ef87d3bc385307748a50922a401ffa0f1c7aba53e7e1779668ee13ff42e84b65124454e5a
SHA1 hash: 314b205c6220ca0bce7b9de682c4335283c40bee
MD5 hash: 4421f6b955aa09ce4c865684c5092579
humanhash: music-lima-oklahoma-kilo
File name:file
Download: download sample
File size:2'565'632 bytes
First seen:2025-10-08 04:27:25 UTC
Last seen:2025-10-08 07:38:53 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 2eabe9054cad5152567f0699947a2c5b (2'852 x LummaStealer, 1'312 x Stealc, 1'026 x Healer)
ssdeep 49152:fMWZ89JBu5wqXYCSqDwZkpx0+w0OcEEmQ0W71oh5Du1fL/q/J:Y9irXYCSqDikpx0+w0PES1oh5D0TS
Threatray 1 similar samples on MalwareBazaar
TLSH T128C53314EA8B003DE71E387309170DEEFA2B6066CB8E67E103956FA75F431D62A15C79
TrID 45.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
18.3% (.EXE) OS/2 Executable (generic) (2029/13)
18.0% (.EXE) Generic Win/DOS Executable (2002/3)
18.0% (.EXE) DOS Executable Generic (2000/1)
Magika pebin
Reporter Bitsight
Tags:dropped-by-amadey exe


Avatar
Bitsight
url: http://178.16.55.189/files/7547858198/1k8ZoZ7.exe

Intelligence

File Origin
# of uploads :
4
# of downloads :
106
Origin country :
US US
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
cc13ba3fd9f04aaf577f3668569ed413d031efd787ec2839fd3739ab0319ecdf.bin.exe
Verdict:
Malicious activity
Analysis date:
2025-10-08 04:29:49 UTC
Tags:
lumma themida
Link:
https://app.any.run/tasks/5698b827-54b8-4539-b79a-e12590e89ba4

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/31090/
Verdict:
Malicious
Score:
91.7%
Link:
https://cyber-fortress.com/docs/result/index.php?id=68e5e83c7f305fa2545d7f65
Tags:
spoof virus
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
microsoft_visual_cc obfuscated oreans_codevirtualizer packed packed themidawinlicense
Link:
https://www.filescan.io/uploads/68e5e8395a3bccf09ebc9ebe/reports/30cce925-82fa-4056-8fe8-f2fd5b1f3540/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_90%
Link:
https://www.hybrid-analysis.com/sample/cc13ba3fd9f04aaf577f3668569ed413d031efd787ec2839fd3739ab0319ecdf
Verdict:
Malicious
File Type:
exe x64
First seen:
2025-10-08T01:34:00Z UTC
Last seen:
2025-10-08T10:13:00Z UTC
Hits:
~100
Detections:
HEUR:Trojan-PSW.Win64.Lumma.gen VHO:Trojan-PSW.Win32.Crypt.gen Trojan.Win64.SBEscape.sb Trojan-PSW.Win32.Crypt.rb Trojan.Win32.Crypt.sb
Link:
https://opentip.kaspersky.com/cc13ba3fd9f04aaf577f3668569ed413d031efd787ec2839fd3739ab0319ecdf/results?tab=lookup
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/8144028c-1619-4bda-9ac8-eb5bd350c7e3
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/cc13ba3fd9f04aaf577f3668569ed413d031efd787ec2839fd3739ab0319ecdf
Verdict:
inconclusive
YARA:
4 match(es)
Tags:
Executable PE (Portable Executable) PE File Layout Win 64 Exe x64
Link:
https://app.malva.re/file/4421f6b955aa09ce4c865684c5092579
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/cc13ba3fd9f04aaf577f3668569ed413d031efd787ec2839fd3739ab0319ecdf/
Verdict:
Malicious
Threat:
Family.LUMMA
Link:
https://tip.neiki.dev/file/cc13ba3fd9f04aaf577f3668569ed413d031efd787ec2839fd3739ab0319ecdf
Threat name:
Win64.Trojan.Cerbu
Create hunting rule
Status:
Malicious
First seen:
2025-10-08 04:28:38 UTC
File Type:
PE+ (Exe)
Extracted files:
1
AV detection:
20 of 24 (83.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=zqj3up6z6bfk6v37gzufnhwucpidd36xq7wcqop5g442wayz5tpq._file
Verdict:
malicious
Label(s):
rhadamanthys
Create hunting rule
Similar samples:
cc13ba3fd9f04aaf577f3668569ed413d031efd787ec2839fd3739ab0319ecdf
error
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/251008-e3cnbswm14/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Checks BIOS information in registry
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/f9ca632a-e8e6-4234-952e-5ea9a9cfc23f
Unpacked files
SH256 hash:
cc13ba3fd9f04aaf577f3668569ed413d031efd787ec2839fd3739ab0319ecdf
MD5 hash:
4421f6b955aa09ce4c865684c5092579
SHA1 hash:
314b205c6220ca0bce7b9de682c4335283c40bee
Link:
https://www.unpac.me/results/8fb09e26-e966-444f-9170-d52dca295660/
Malware family:
Rhadamanthys
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/cc13ba3fd9f0/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/cc13ba3fd9f04aaf577f3668569ed413d031efd787ec2839fd3739ab0319ecdf

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe cc13ba3fd9f04aaf577f3668569ed413d031efd787ec2839fd3739ab0319ecdf

(this sample)

  
Dropped by
Amadey
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/31090/
  
URLhaus
https://urlhaus.abuse.ch/url/3664733/

Comments