Trojan

Trojan:MSIL/LummaStealer.MB!MTB removal tips

Malware Removal

The Trojan:MSIL/LummaStealer.MB!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Trojan:MSIL/LummaStealer.MB!MTB virus can do?

  • Sample contains Overlay data
  • Presents an Authenticode digital signature
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Binary compilation timestomping detected
  • Yara detections observed in process dumps, payloads or dropped files

How to determine Trojan:MSIL/LummaStealer.MB!MTB?



File Info:

name: A5AABAA9FF184FE9733E.mlw
path: /opt/CAPEv2/storage/binaries/d5d2a199abcef0985acbbb4ebfc184e8f62e1d34e85d7364c06c29e0bccb5533
crc32: 9FEC0992
md5: a5aabaa9ff184fe9733ea67de2f3151f
sha1: c58461826b600c8d50ebdf4788cf35714978348e
sha256: d5d2a199abcef0985acbbb4ebfc184e8f62e1d34e85d7364c06c29e0bccb5533
sha512: b0c510f26371dbe3d030898bd0661e2bcb05c222470c4af8a0d88d0f30511266b9825b53ec98d3a91b850e54f8a8bd46b44ee6780f768cffada9a238ed7d8589
ssdeep: 98304:JkiB9Sr8+SF1djZgyGNu6Hq0AVS6zjvq8hkN8iYC:JkC9SrJ81d1gyEzQjvty8ib
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T12E569E02BAE49D21D30E5733C1E6921693B6F5C17763E30B2681D29D2D427BECCDD6A2
sha3_384: 27376b251e6ba0fc8efcddf5c63f92119d1cff463b1d3da6a6365e8609f46e3c57ac5af081bc0631ee77c44c6b179480
ep_bytes: ff250020400000000000000000000000
timestamp: 2091-11-15 16:42:40


Version Info:

Translation: 0x0000 0x04b0
Comments: wdf
CompanyName: vml
FileDescription: live_install_from_software_events_app
FileVersion: 1.0.2.0
InternalName: live_install_from_software_events_app.exe
LegalCopyright: Copyright © 2023
LegalTrademarks: 
OriginalFilename: live_install_from_software_events_app.exe
ProductName: live_install_from_software_events_app
ProductVersion: 1.0.2.0
Assembly Version: 1.0.2.0

Trojan:MSIL/LummaStealer.MB!MTB also known as:

BkavW32.AIDetectMalware.CS
LionicTrojan.Win32.Lumma.i!c
Elasticmalicious (high confidence)
MicroWorld-eScanTrojan.GenericKD.71543317
FireEyeTrojan.GenericKD.71543317
CAT-QuickHealTrojanpws.Msil
SkyhighArtemis!Trojan
McAfeeArtemis!A5AABAA9FF18
Cylanceunsafe
SangforInfostealer.Msil.Lumma.Vlny
AlibabaTrojanPSW:MSIL/LummaStealer.92328969
K7GWRiskware ( 00584baa1 )
K7AntiVirusRiskware ( 00584baa1 )
ArcabitTrojan.Generic.D443AA15
SymantecML.Attribute.HighConfidence
ESET-NOD32a variant of Generik.BJIBTCW
CynetMalicious (score: 100)
KasperskyHEUR:Trojan-PSW.MSIL.Lumma.gen
BitDefenderTrojan.GenericKD.71543317
NANO-AntivirusTrojan.Win32.Lumma.kitvkt
AvastWin32:TrojanX-gen [Trj]
TencentMalware.Win32.Gencirc.14004f7d
EmsisoftTrojan.GenericKD.71543317 (B)
F-SecureTrojan.TR/AD.Nekark.leqhw
VIPRETrojan.GenericKD.71543317
TrendMicroTrojanSpy.Win32.LUMMASTEALER.YXEBGZ
SophosMal/Generic-S
VaristW32/ABRisk.BBXM-4215
AviraTR/AD.Nekark.leqhw
Antiy-AVLTrojan[PSW]/MSIL.Lumma
MicrosoftTrojan:MSIL/LummaStealer.MB!MTB
ZoneAlarmHEUR:Trojan-PSW.MSIL.Lumma.gen
GDataTrojan.GenericKD.71543317
GoogleDetected
AhnLab-V3Suspicious/Win.MalPe.X2205
ALYacTrojan.GenericKD.71543317
MAXmalware (ai score=81)
VBA32Trojan.MSIL.zgRAT.Heur
MalwarebytesMalware.AI.2010748021
PandaTrj/GdSda.A
TrendMicro-HouseCallTrojanSpy.Win32.LUMMASTEALER.YXEBGZ
RisingStealer.Lumma!8.177F6 (CLOUD)
YandexTrojan.Agent!XYFx3+tcKj0
IkarusTrojan.SuspectCRC
MaxSecureTrojan.Malware.221080569.susgen
FortinetPossibleThreat
AVGWin32:TrojanX-gen [Trj]
DeepInstinctMALICIOUS

How to remove Trojan:MSIL/LummaStealer.MB!MTB?

Trojan:MSIL/LummaStealer.MB!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment