Payload Details
| First Seen | 2025-02-02 (Login for timestamps) |
|---|---|
| Last Seen | 2025-02-06 |
| SHA256 | 33d89771aa54d14f5701ae99de644c2f4d77ae9df485c7a79186aa546df5381c |
| Filetype | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 4 sections |
| Size | 577,344 bytes |
| Signing Attributes |
The certificate chain validates successfully to a trusted anchor.Chain ValidThe certificate was issued by a separate CA, not by itself.Not Self-SignedThe certificate is not reported as revoked by the revocation checks that were performed.Not RevokedThe chain terminates in a certificate present in a trusted root store.Trusted Root |
| Authenticode | ✗ (BAD_DIGEST|BAD_SIGNATURE) |
| Distributed By | Amadey (Login) |
| Countries |  Login for country information |
| UnpacMe ID | 703d1ba0-dbf6-4112-9875-1c225c0ce8cf |
| UnpacMe Detections | MALWARE:LummaTYPE:INFOSTEALERMALWARE:Lumma StealerRULE:LummaStealer |
| UnpacMe Community | RULE:win_lumma_auto |
| Malcat Kesakode | Unknown |
| Download |
Signature Information
Certificate
| Thumbprint (SHA256) | 22a3c23e08c7dbb4e7f4591e58c04285c0514c2894e3c418ad157d817d7edf3c |
|---|---|
| Thumbprint (SHA1) | e8c15b4c98ad91e051ee5af5f524a8729050b2a2 |
| Serial Number | 33000003de8d56825af1a4a9670000000003de |
| Subject | |
| Issuer | |
| Not Before | 2020-12-15 21:24:20 |
| Not After | 2021-12-02 21:24:20 |
Monitored Sandbox Execution
Login required
Non-Monitored Sandbox Execution
Login required
Tasks of Origin (8)
First Seen (UTC)  |
Last Seen (UTC) |
Family | Botnet | Exit | Task Data | View |
|---|---|---|---|---|---|---|
| 2025-01-28 | 2025-02-11 | amadey | Login | | ||
| 2025-01-28 | 2025-02-11 | amadey | Login | | ||
| 2025-01-28 | 2025-02-11 | amadey | Login | | ||
| 2025-01-28 | 2025-02-11 | amadey | Login | | ||
| 2025-01-28 | 2025-02-11 | amadey | Login | | ||
| 2025-01-28 | 2025-02-11 | amadey | Login | | ||
| 2025-01-28 | 2025-02-11 | amadey | Login | | ||
| 2025-01-28 | 2025-02-11 | amadey | Login | |