Summary | ZeroBOX

lummac2.exe

Lumma Stealer PE32 PE File
Category FILE
Machine s1_win7_x6401
Started June 14, 2024, 1:28 p.m.
Completed June 14, 2024, 1:28 p.m.
Size 310.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 6e3d83935c7a0810f75dfa9badc3f199
SHA256 dc4f0a8e3d12c98eac09a42bd976579ccc1851056d9de447495e8be7519760ed
CRC32 320DD32C
ssdeep 6144:3lGhYe2gss2fHZq4uCDrgcKJCMBus902mdK/WI5O7KKKDi4G:3lGhYHh0CnYZSLP7KKKD1G
Yara
  • PE_Header_Zero - PE File Signature
  • lumma_Stealer - Lumma Stealer
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .data: size_of_data 0x00009800, virtual_address 0x00040000, virtual_size 0x00012b84, entropy 7.014920556264192; description: A section with a high entropy has been found
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Lumma.i!c
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
CAT-QuickHeal Trojanpws.Lumma
Skyhigh BehavesLike.Win32.Generic.fh
ALYac Gen:Variant.Lazy.449542
Cylance Unsafe
VIPRE Gen:Variant.Lazy.449542
Sangfor Spyware.Win32.Lummastealer.Vonm
K7AntiVirus Spyware ( 005b69541 )
BitDefender Gen:Variant.Lazy.449542
K7GW Spyware ( 005b69541 )
Cybereason malicious.35c7a0
Arcabit Trojan.Lazy.D6DC06
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Spy.LummaStealer.B
APEX Malicious
McAfee Artemis!6E3D83935C7A
Avast Win32:Evo-gen [Trj]
Kaspersky HEUR:Trojan-PSW.Win32.Lumma.pef
Alibaba TrojanPSW:Win32/Lumma.71163cef
NANO-Antivirus Virus.Win32.Gen.ccmw
MicroWorld-eScan Gen:Variant.Lazy.449542
Rising Spyware.LummaStealer!8.1A464 (TFE:5:ENeCXo0bAgH)
Emsisoft Gen:Variant.Lazy.449542 (B)
F-Secure Trojan.TR/Crypt.XPACK.Gen
Zillya Trojan.LummaStealer.Win32.23
TrendMicro Trojan.Win32.AMADEY.YXEFJZ
McAfeeD Real Protect-LS!6E3D83935C7A
Trapmine malicious.high.ml.score
FireEye Generic.mg.6e3d83935c7a0810
Sophos Mal/Generic-S
Ikarus Trojan-Spy.Win32.LummaStealer
Webroot W32.Trojan.TR.Crypt.XPACK
Google Detected
Avira TR/Crypt.XPACK.Gen
MAX malware (ai score=88)
Antiy-AVL Trojan[PSW]/Win32.Lumma
Kingsoft malware.kb.a.996
Gridinsoft Trojan.Win32.Heur.sa
Microsoft Trojan:Win32/Casdet!rfn
ViRobot Trojan.Win.Z.Lazy.317952.H
ZoneAlarm HEUR:Trojan-PSW.Win32.Lumma.pef
GData Gen:Variant.Lazy.449542
Varist W32/ABRisk.ZGCT-4496
AhnLab-V3 Trojan/Win.Generic.R652213
BitDefenderTheta AI:Packer.65BCAF7A1E
DeepInstinct MALICIOUS
Malwarebytes Spyware.Lumma