MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dd819fc670a1542332b66ce84523bd6300d80c81e8881128281ca1b27df8a42e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

LummaStealer
Vendor detections: 9

SHA256 hash: dd819fc670a1542332b66ce84523bd6300d80c81e8881128281ca1b27df8a42e
SHA3-384 hash: 5f2beacf9f9ae4683db35912d69875e659f3660727d9b553b9c2153f3367561139d0dd52445c0bba433e8d796cfcc35f
SHA1 hash: 20fd01d6e27614e01c351796658eff0acce1c8dc
MD5 hash: a1b6e91d069f7171a32afd7d062f7f46
humanhash: oklahoma-red-aspen-cola
File name: smart1.zip
Signature: LummaStealer
File size: 11'606'870 bytes
First seen: 2024-08-19 16:08:08 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 196608:IDZsteZ7PQVZzjensQAJ/DlpU5cM8pOU8G6CNRQ+gCJA1cDOTZ7qjkbQPe5YxeZ:Sqt/cs5RBpU5cFOVG6GQq3DOTZahQ
TLSH: T12FC6334397939E4F874B918AE2FD9F60D06B52170F7E210A38E7B23532856D11B53EE2
Reporter: aachum
Tags: LummaStealer zip


Comment by iamaachum:
https://bidvertiser.b-cdn.net/smart1.zip

Lumma C2:
https://femininedspzmhu.shop/api
https://writerospzm.shop/api
https://deallerospfosu.shop/api
https://bassizcellskz.shop/api
https://languagedscie.shop/api
https://complaintsipzzx.shop/api
https://quialitsuzoxm.shop/api
https://tenntysjuxmz.shop/api

Intelligence

File Origin
# of uploads: 1
# of downloads: 328
Origin country: ES
File Archive Information

This file archive contains 77 file(s), sorted by their relevance:

Vendor Threat Intelligence

Verdict: Malicious
Score: 70%
Tags: Generic Static

Result
Verdict: Suspicious
File Type: PE File
Behaviour: BlacklistAPI detected

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: crypto eventvwr hacktool lolbin microsoft_visual_cc remote
Threat name: Win64.Spyware.Lummastealer

Status: Suspicious
First seen: 2024-08-19 16:09:07 UTC
File Type: Binary (Archive)
Extracted files: 1107
AV detection: 15 of 24 (62.50%)
Threat level: 2/5

Result
Malware family:
Score: 10/10
Tags: family:lumma discovery persistence privilege_escalation stealer
Behaviour:
Suspicious use of WriteProcessMemory
System Location Discovery: System Language Discovery
Suspicious use of SetThreadContext
Lumma Stealer, LummaC

Malware Config
C2 Extraction:
https://femininedspzmhu.shop/api
https://writerospzm.shop/api
https://deallerospfosu.shop/api
https://bassizcellskz.shop/api
https://languagedscie.shop/api
https://complaintsipzzx.shop/api
https://quialitsuzoxm.shop/api
https://tenntysjuxmz.shop/api

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: BLOWFISH_Constants
Author: phoul (@phoul)
Description: Look for Blowfish constants

Rule name: Borland
Author: malware-lu

Rule name: Check_OutputDebugStringA_iat

Rule name: cobalt_strike_tmp01925d3f
Author: The DFIR Report
Description: files - file ~tmp01925d3f.exe
Reference: https://thedfirreport.com

Rule name: command_and_control
Author: CD_R0M_
Description: This rule searches for common strings found by malware using C2. Based on a sample used by a ransomware group

Rule name: DebuggerCheck__API
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: DebuggerCheck__QueryInfo
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: DebuggerException__ConsoleCtrl
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: DebuggerException__SetConsoleCtrl
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: extracted_at_0x44b
Author: cb
Description: sample - file extracted_at_0x44b.exe
Reference: Internal Research

Rule name: GoBinTest

Rule name: GoInjector
Author: NDA0E
Description: Detects Go Injector

Rule name: golang

Rule name: golang_binary_string
Description: Golang strings present

Rule name: golang_duffcopy_amd64

Rule name: identity_golang
Author: Eric Yocam
Description: Find Golang malware

Rule name: MD5_Constants
Author: phoul (@phoul)
Description: Look for MD5 constants

Rule name: NET
Author: malware-lu

Rule name: NETDLLMicrosoft
Author: malware-lu

Rule name: pe_detect_tls_callbacks

Rule name: PE_Digital_Certificate
Author: albertzsigovits

Rule name: pe_no_import_table
Description: Detect PE files that have no import table

Rule name: RIPEMD160_Constants
Author: phoul (@phoul)
Description: Look for RIPEMD-160 constants

Rule name: SEH__vectored
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: SHA1_Constants
Author: phoul (@phoul)
Description: Look for SHA1 constants

Rule name: SHA512_Constants
Author: phoul (@phoul)
Description: Look for SHA384/SHA512 constants

Rule name: SUSP_EXE_in_ISO
Author: SECUINFRA Falcon Team
Description: Detects ISO files that contain an EXE file. Does not need to be malicious
Reference: Internal Research

Rule name: TeslaCryptPackedMalware

Rule name: ThreadControl__Context
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: without_attachments
Author: Antonio Sanchez <asanchez@hispasec.com>
Description: Rule to detect the absence of any attachment
Reference: http://laboratorio.blogs.hispasec.com/

Rule name: without_urls
Author: Antonio Sanchez <asanchez@hispasec.com>
Description: Rule to detect the absence of any URL
Reference: http://laboratorio.blogs.hispasec.com/

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download