MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e8b35a75b233e4de9d7240e8426a7204a95c7b7580375a63a1120e06e50e6eca. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


LummaStealer


Vendor detections: 17


Intelligence 17 IOCs YARA 8 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e8b35a75b233e4de9d7240e8426a7204a95c7b7580375a63a1120e06e50e6eca
SHA3-384 hash: 99ee2b1e6256504bc5f97b669599409a6671d99bb9b58e89b19a8022997bdd0bbd1307a41e38784578a989c1a1919178
SHA1 hash: 637cedffc3fb04bb767a5f3589b49cc5b6dddd02
MD5 hash: bafc1d5eb537cd9b153f21b923ede162
humanhash: south-bluebird-lake-white
File name:Launch.exe
Download: download sample
Signature LummaStealer
Create hunting rule
File size:1'674'240 bytes
First seen:2025-08-29 00:33:30 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 29bebcd96150ff9fcda8a64da0c33b3f (1 x LummaStealer, 1 x Rhadamanthys)
ssdeep 24576:PfDAfz5HvF92aidd/jy29RmlDvTyICWw9DDJZe46Vdsatjz5oiZb6u+xiS1XbmJL:nDWzEDdtjw5yICp2GUjz5oc+DigXbmp
TLSH T19075E043F6C34093FBE311B06B39C5A5C8295AA3BB181DDB80188684D5FADDF967352B
TrID 49.9% (.EXE) Win64 Executable (generic) (10522/11/4)
21.3% (.EXE) Win32 Executable (generic) (4504/4/1)
9.6% (.EXE) OS/2 Executable (generic) (2029/13)
9.5% (.EXE) Generic Win/DOS Executable (2002/3)
9.4% (.EXE) DOS Executable Generic (2000/1)
Magika pebin
Reporter AntiSkidding
Tags:exe fake-cheat LummaStealer

Intelligence

File Origin
# of uploads :
1
# of downloads :
109
Origin country :
GB GB
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Launch.exe
Verdict:
Malicious activity
Analysis date:
2025-08-29 00:35:02 UTC
Tags:
lumma stealer
Link:
https://app.any.run/tasks/162b2af4-9cd3-4e2c-a13d-41d054f28802

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
Lumma
Create hunting rule
Link:
https://www.capesandbox.com/analysis/24074/
Verdict:
Malicious
Score:
90.2%
Link:
https://cyber-fortress.com/docs/result/index.php?id=68b0f59b3e988eb6ab82e85c
Tags:
phishing
Result
Verdict:
Malware
Maliciousness:

Behaviour
Connection attempt to an infection source
DNS request
Connection attempt
Sending an HTTP GET request
Using the Windows Management Instrumentation requests
Сreating synchronization primitives
Query of malicious DNS domain
Sending a TCP request to an infection source
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
fingerprint microsoft_visual_cc obfuscated packed packed packer_detected
Link:
https://www.filescan.io/uploads/68b0f59b6212e2f74264f8a4/reports/3cbf28ab-8d64-4bbd-86db-0417cae15be3/overview
Verdict:
Malicious
Labled as:
Giant.Fragtor.Generic
Link:
https://www.hybrid-analysis.com/sample/e8b35a75b233e4de9d7240e8426a7204a95c7b7580375a63a1120e06e50e6eca
Verdict:
Malicious
File Type:
PE
First seen:
2025-08-28T12:45:00Z UTC
Last seen:
2025-08-28T12:45:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/e8b35a75b233e4de9d7240e8426a7204a95c7b7580375a63a1120e06e50e6eca/results?tab=lookup
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/6ae7be7c-1899-4b1b-b082-bc24fd3f28fa
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/e8b35a75b233e4de9d7240e8426a7204a95c7b7580375a63a1120e06e50e6eca
Verdict:
inconclusive
YARA:
4 match(es)
Tags:
Executable PE (Portable Executable) PE File Layout Win 32 Exe x86
Link:
https://app.malva.re/file/bafc1d5eb537cd9b153f21b923ede162
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e8b35a75b233e4de9d7240e8426a7204a95c7b7580375a63a1120e06e50e6eca/
Threat name:
Win32.Trojan.LummaStealer
Create hunting rule
Status:
Malicious
First seen:
2025-08-29 00:34:26 UTC
File Type:
PE (Exe)
AV detection:
21 of 24 (87.50%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=5czvu5nsgpsn5hlsiduee2tsasuvy63vqa3vuy5bcihanzion3fa._file
Verdict:
malicious
Label(s):
lummastealer
Create hunting rule
Similar samples:
error
LummaStealer
Result
Malware family:
lumma
Create hunting rule
Score:
  10/10
Tags:
family:lumma defense_evasion discovery spyware stealer
Link:
https://tria.ge/reports/250829-awz3tsxtay/
Behaviour
Checks processor information in registry
Enumerates system info in registry
Modifies data under HKEY_USERS
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Browser Information Discovery
System Location Discovery: System Language Discovery
Drops file in Program Files directory
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Modifies trusted root certificate store through registry
Lumma Stealer, LummaC
Lumma family
Malware Config
C2 Extraction:
https://cursilibim.ru/zajd
https://mastwin.in/qsaz
https://tiltyufaz.ru/tlxa
https://runmgov.ru/tixd
https://semipervaz.ru/xued
https://capitalior.ru/akts
https://retrofik.ru/jgur
https://shagkeg.ru/xkzd
https://copulardi.ru/xhza
Verdict:
Malicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/c85175f3-e561-4d16-b38c-2ad171d932a2
Unpacked files
SH256 hash:
c522261dc3e58c0a8a5763a3adbdb8f74830e831aa110efbdee0dddeb9e5d7f0
MD5 hash:
f71089f41b08606376eca7d5519729fc
SHA1 hash:
aa786d04cfec1f33574581308c45d8e146b5e7dc
Detections:
LummaStealer
Create hunting rule
Link:
https://www.unpac.me/results/4cf91a9f-bb2a-4d94-9a57-28501e01abaf/
SH256 hash:
e8b35a75b233e4de9d7240e8426a7204a95c7b7580375a63a1120e06e50e6eca
MD5 hash:
bafc1d5eb537cd9b153f21b923ede162
SHA1 hash:
637cedffc3fb04bb767a5f3589b49cc5b6dddd02
Link:
https://www.unpac.me/results/4cf91a9f-bb2a-4d94-9a57-28501e01abaf/
Malware family:
Lumma
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/e8b35a75b233/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e8b35a75b233e4de9d7240e8426a7204a95c7b7580375a63a1120e06e50e6eca

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:golang_bin_JCorn_CSC846
Create hunting rule
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
Rule name:Lumma
Create hunting rule
Author:kevoreilly
Description:Lumma Payload
Rule name:NET
Create hunting rule
Author:malware-lu
Rule name:pe_detect_tls_callbacks
Create hunting rule
Rule name:RIPEMD160_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for RIPEMD-160 constants
Rule name:SHA1_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for SHA1 constants
Rule name:Sus_Obf_Enc_Spoof_Hide_PE
Create hunting rule
Author:XiAnzheng
Description:Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/24074/

Comments