MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 df63eda4107b614d7a1138490e5c23d657ef4966d7af8c5bd747e5c06a4b231c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: LummaStealer
Vendor detections: 9

SHA256 hash: df63eda4107b614d7a1138490e5c23d657ef4966d7af8c5bd747e5c06a4b231c
SHA3-384 hash: 813408c01c219a0cfe4ca51d0391408b53ebbb7c278a7ab460b95b97813b4896c8ba90bfbb5dfac3969a86e5be53196d
SHA1 hash: 261a189e152bdb13ab73ae84931b9466d67b4715
MD5 hash: 81df0a7222ad3c1bd736c2190314b47c
humanhash: potato-rugby-east-papa
File name: Captcha.hta
Signature: LummaStealer
File size: 2'072 bytes
First seen: 2024-12-12 22:55:39 UTC
Last seen: 2024-12-13 09:51:22 UTC
File type: HTML Application (hta)
MIME type: text/html
ssdeep: 48:3XrEzR0n67Z00kWo5XJdYCSC0DpxMUR02V4YD9Lhushq3pYk94WdfG:qgc00doRYrC0FfqYKCAu
TLSH: T12C4175304E7474D74357622C14A44C0E06EE5E03D9B117EEDC5C615BBE3525ADE6329B
Magika: vba
Reporter: abuse_ch
Tags: hta, LummaStealer

Intelligence

File Origin
# of uploads: 2
# of downloads: 128
Origin country: DE

Vendor Threat Intelligence

Result
Verdict: Clean
Score: 99.9%
Tags: shell spawn

Result
Verdict: Malicious
File Type: HTA File - Malicious
Payload URLs:
  URL: https://www.dropbox.com/scl/fi/g7zzwhq0l5bd1mltm6k7f/Sdtbcoy.vbs?rlkey=90aflmgn9l21a5ypf7jqswnk4&st=ybjhntpe&dl=1
  File name: HTA File
Behaviour: BlacklistAPI detected

Result
Verdict: MALICIOUS
Details:
  Base64 Encoded URL: Detected an ANSI or UNICODE http:// or https:// base64 encoded URL prefix.
  Empire PowerShell Request: Detected a base64 encoded PowerShell HTTP request that is likely sourced from Empire.

Result
Threat name: n/a
Detection: malicious
Classification: n/a
Score: 48 / 100
Signature: Multi AV Scanner detection for submitted file

Result
Threat name: Script-WScript.Dropper.Electryon
Status: Malicious
First seen: 2024-12-12 22:56:03 UTC
File Type: Text (HTML)
Extracted files: 1
AV detection: 5 of 38 (13.16%)
Threat level: 3/5

Result
Malware family: n/a
Score: 3/10
Tags: discovery
Behaviour: System Location Discovery: System Language Discovery
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: LummaStealer
File type: HTML Application (hta)
SHA256: df63eda4107b614d7a1138490e5c23d657ef4966d7af8c5bd747e5c06a4b231c (this sample)

Delivery method: Distributed via web download