MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 d7ba57d09945192105625366fdd211600f2b955d529e75cf099ea322f497689f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
LummaStealer
Vendor detections: 7
| SHA256 hash: | d7ba57d09945192105625366fdd211600f2b955d529e75cf099ea322f497689f |
|---|---|
| SHA3-384 hash: | 7fd5a89dc4f5734dc7c32d1aae9763052e05afd33d207d63b2ba79e00675107b3c3b70d6b7bffb9b0d99adc61ef9d9ab |
| SHA1 hash: | d1a383604e6e05f749cda2283973e69695c033eb |
| MD5 hash: | 5e38ee793bd31656ab87cfee9e40310a |
| humanhash: | autumn-aspen-nevada-mango |
| File name: | tera3.zip |
| Download: | download sample |
| Signature | LummaStealer |
| File size: | 12'584'700 bytes |
| First seen: | 2024-09-25 14:17:01 UTC |
| Last seen: | Never |
| File type: | zip |
| MIME type: | application/zip |
| ssdeep | 196608:GNYRK1BM6IDxG7pTxKjxgSL+ZaslQ39sgtr8xUfxJoATB6BFEoAgZnMLO7CstdC9:1v6I2z1le18qJoA0QVkOsvU/ |
| TLSH | T17AC623D8D6C33DE9C9388E75E1867FB12200C9547526DAB70F240ADA6FEB121CE174A7 |
| Magika | zip |
| Reporter |  NDA0E |
| Tags: | file-pumped LummaStealer Stealc zip |
Intelligence
File Origin
# of uploads :
1
# of downloads :
198
Origin country :
NLFile Archive Information
This file archive contains 1 file(s), sorted by their relevance:
| File name: | keyctrlVV.exe |
|---|---|
| Pumped file | This file is pumped. MalwareBazaar has de-pumped it. |
| File size: | 781'051'394 bytes |
| SHA256 hash: | 71755fdfb58e4d6bced542dfacbe4693f3243c92bf058358ac798de2a972bef9 |
| MD5 hash: | 3e593804576ebb3c39dab7d8724e4955 |
| De-pumped file size: | 47'048'192 bytes (Vs. original size of 781'051'394 bytes) |
| De-pumped SHA256 hash: | b4e2db39736af0a9a1e8d7339453f196184659aa9eae8a08a03e1cbf8db5ab42 |
| De-pumped MD5 hash: | c0d6207243de70fd3c5b5c201a900248 |
| MIME type: | application/x-dosexec |
| Signature | LummaStealer |
Vendor Threat Intelligence
Gathering data
Result
Verdict:
Malicious
File Type:
ZIP File - Malicious
Behaviour
SuspiciousEmbeddedObjects detected
Verdict:
Likely Malicious
Threat level:
7.5/10
Confidence:
100%
Tags:
anti-debug golang installer large-file overlay
Result
Verdict:
MALICIOUS
Link:
Detection(s):
Suspicious file
Result
Malware family:
stealc
Score:
10/10
Tags:
family:lumma family:stealc botnet:c1 discovery spyware stealer
Behaviour
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Drops file in Windows directory
Enumerates processes with tasklist
Suspicious use of SetThreadContext
Accesses cryptocurrency files/wallets, possible credential harvesting
Legitimate hosting services abused for malware hosting/C2
Checks computer location settings
Drops startup file
Executes dropped EXE
Downloads MZ/PE file
Lumma Stealer, LummaC
Stealc
Suspicious use of NtCreateUserProcessOtherParentProcess
Malware Config
C2 Extraction:
http://45.200.149.53
https://performenj.shop/api
https://performenj.shop/api
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Web download
LummaStealer
zip d7ba57d09945192105625366fdd211600f2b955d529e75cf099ea322f497689f
(this sample)
Delivery method
Distributed via web download
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.