MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fe6e220450a6bca03e0750f4065dec88eb09be316f448d833a6b8b2a43e7c684. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: Stealc
Vendor detections: 7

SHA256 hash: fe6e220450a6bca03e0750f4065dec88eb09be316f448d833a6b8b2a43e7c684
SHA3-384 hash: 6caef43fe7ac4bf63816827594d7bc3571404be1641db6f181ddc2d6ef44ea8fe78d6a6aa057c4319f372ffa9733b307
SHA1 hash: 74f296c24fc9dcacf00b3f093d58d5fc9128d444
MD5 hash: 54da8aaee96d0c386be7b1c5ece2b001
humanhash: helium-ohio-fix-black
File name: Setup.zip
Signature: Stealc
File size: 11'719'432 bytes
First seen: 2024-09-21 13:56:46 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 196608:Jz17XMntx8zwRl46SA/CId8MbeA/ZO2+kxiouJl6EmTrDP/Cw+AwKgsY83N9j5sH:Jzmntizkq3AJ8yxObfo+mPr4E3Nh5MCm
TLSH: T113C6331560E2AF18F9094639D5CF1B42773BAB95DA26C36F5738A1273EB65F12E3C008
Magika: zip
Reporter: aachum
Tags: file-pumped GoInjector LummaStealer Stealc zip


Comment by iamaachum:

http://heraldisoae.click/?66eec34354794=6705a3cadbb9414d5e813c4423f3a178&66eec3435479c=2337&66eec3435479e=1_adobe-premiere-pro-2024-v24-6-1-crack-keygen-download&gkss=46871 => https://www.mediafire.com/file/8k9jev7vsi5l7td/@#Full_Istaller_PcSetup_2025_%E1%B9%94%E1%B8%81%E1%B9%A8%E1%B9%A8%E1%BA%84%E1%B9%8F%E1%B9%9B%E1%B8%8B^$.zip/file

Lumma C2: panushciwracelp.shop, chickerkuso.shop
StealC C2: http://45.200.149.53/281e4696f6bc0de6.php

Intelligence

File Origin
# of uploads: 1
# of downloads: 228
Origin country: ES
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name: Setup.exe
Pumped file: this file is pumped. MalwareBazaar has de-pumped it.
File size: 780'951'042 bytes
SHA256 hash: c2c471c3e89762e441861b781c180e436b50ac1ad74a58db7607afbcee965a79
MD5 hash: d963da3395561b894c20ffb3811bca15
De-pumped file size: 46'947'840 bytes (vs. original size of 780'951'042 bytes)
De-pumped SHA256 hash: 5d276b914ccba0997c5211cd46da06f0a8d5e94c0410e084fdc72c62f33cee8f
De-pumped MD5 hash: 9d945bde3852f5578c747c214a7b0746
MIME type: application/x-dosexec
Signature: Stealc
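The inner Setup.exe is "pumped": a 46'947'840-byte payload has been inflated to 780'951'042 bytes, which is a common trick for pushing a binary past the size limits of sandboxes and AV scanners. Because the padded file and the stripped file have different hashes, both the pumped and the de-pumped SHA256 above matter as indicators: the pumped hash is what a victim downloads, the de-pumped hash is what most analysis tooling ends up looking at. The script below is an added example, not MalwareBazaar's own de-pumping code (the page does not say how that works). It assumes the simplest form of pumping, a long run of a single repeated byte appended after the real payload, and uses an assumed 1 MiB threshold to separate pumping from ordinary alignment padding; the input is constructed inline. Padding made of random bytes would not be caught by this check.

```python
"""Detect and strip trailing single-byte padding ("pumping") from a file image.

Added example; MalwareBazaar's real de-pumping method is not documented here.
Assumption: the pad is a run of one repeated byte value at the end of the file.
"""
import hashlib

# Assumed threshold: a trailing run shorter than this is treated as normal
# alignment padding, not pumping. Tune for your environment.
PUMP_THRESHOLD = 1024 * 1024


def trailing_run(data: bytes) -> tuple[int, int]:
    """Return (byte_value, run_length) for the run of identical bytes ending data."""
    if not data:
        return (0, 0)
    last = data[-1]
    # rstrip removes every trailing occurrence of the single byte value `last`.
    stripped = data.rstrip(bytes([last]))
    return (last, len(data) - len(stripped))


def depump(data: bytes, threshold: int = PUMP_THRESHOLD) -> dict:
    """Strip a trailing pad longer than `threshold`.

    Returns sizes and SHA-256 hashes before and after stripping so both can be
    recorded as indicators. Caveat: if the genuine payload itself ends with
    the pad byte, those trailing bytes are removed as well, exactly as a
    naive de-pumper would do; compare against the original hash before trusting
    the de-pumped one.
    """
    value, run = trailing_run(data)
    pumped = run >= threshold
    body = data[: len(data) - run] if pumped else data
    return {
        "pumped": pumped,
        "pad_byte": value if pumped else None,
        "pad_length": run if pumped else 0,
        "original_size": len(data),
        "original_sha256": hashlib.sha256(data).hexdigest(),
        "depumped_size": len(body),
        "depumped_sha256": hashlib.sha256(body).hexdigest(),
    }


def build_sample(body: bytes, pad: bytes, count: int) -> bytes:
    """Construct a pumped test file: the real body followed by `count` copies of pad."""
    return body + pad * count


if __name__ == "__main__":
    # Constructed input: a fake body starting with an MZ header (ends in 0xFF,
    # so it has no trailing zero run of its own), pumped with 2 MiB of zeros.
    body = b"MZ" + bytes(range(256)) * 64
    sample = build_sample(body, b"\x00", 2 * 1024 * 1024)
    result = depump(sample)
    for key, val in result.items():
        print(f"{key}: {val}")
```

Run it on a real sample with `depump(open(path, "rb").read())`; for an archive like Setup.zip, unpack first and run the check on each member, since the pumping here is applied to the inner executable, not to the zip container.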
Vendor Threat Intelligence

Please note that we are no longer able to provide a coverage score for VirusTotal.

Verdict: Malicious
Score: 94.9%
Tags: Discovery, Execution, Generic, Infostealer, Network, Stealth, Trojan

Verdict: Malicious
File Type: ZIP File - Malicious
Behaviour: SuspiciousEmbeddedObjects detected

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: anti-debug, golang, installer, large-file, overlay

Malware family: Lumma Stealer, LummaC
Score: 10/10
Tags: family:lumma, discovery, stealer
Behaviour:
  Suspicious use of WriteProcessMemory
  Program crash
  System Location Discovery: System Language Discovery
  Suspicious use of SetThreadContext
Malware Config
C2 Extraction: https://chickerkuso.shop/api

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments