General

  • Target

    cb0115723aafc140ff90329b58d1c24fadba10e366ee0972b565c973662b95efN

  • Size

    3.1MB

  • Sample

    250113-cbazbazmez

  • MD5

    8483febc34d0b275b35727486f11c400

  • SHA1

    6450210de1390361ede70a64ffad70909aba9f92

  • SHA256

    cb0115723aafc140ff90329b58d1c24fadba10e366ee0972b565c973662b95ef

  • SHA512

    e9355a983a022945b8c10133683753a8ad9639daae9b48662ed1bec5e5fd8d192d515b0bb059f92ef0fab43bb77a1164a9fbb358f731ad69da2b47264d3d315e

  • SSDEEP

    49152:CMKO1on9iWK6q/C3luTg5Iokb7yfFTW8ibDw348JKVi+KmD6gAGbnwF:C01Zb6qwuoIpb73Fb84oKzJAG

Malware Config

Extracted

Family

lumma

C2

https://showpanicke.shop/api

Targets

    • Target

      cb0115723aafc140ff90329b58d1c24fadba10e366ee0972b565c973662b95efN

    • Size

      3.1MB

    • MD5

      8483febc34d0b275b35727486f11c400

    • SHA1

      6450210de1390361ede70a64ffad70909aba9f92

    • SHA256

      cb0115723aafc140ff90329b58d1c24fadba10e366ee0972b565c973662b95ef

    • SHA512

      e9355a983a022945b8c10133683753a8ad9639daae9b48662ed1bec5e5fd8d192d515b0bb059f92ef0fab43bb77a1164a9fbb358f731ad69da2b47264d3d315e

    • SSDEEP

      49152:CMKO1on9iWK6q/C3luTg5Iokb7yfFTW8ibDw348JKVi+KmD6gAGbnwF:C01Zb6qwuoIpb73Fb84oKzJAG

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Lumma family

    • .NET Reactor proctector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.