General

  • Target

    2524ba86ad74354568814ce10acaf5b1d2051c9769c384849306c4288899ee60.exe

  • Size

    3.1MB

  • Sample

    250113-xttvcstphx

  • MD5

    b0f809ab05260749f441911a983d2653

  • SHA1

    cbb1ea7e30c543e06325e130bad735c4be05bb10

  • SHA256

    2524ba86ad74354568814ce10acaf5b1d2051c9769c384849306c4288899ee60

  • SHA512

    d2489ed344f8a96f2a4544f1572ffdc5b5db078e839b0fa7c07902647720eb50a573af2a5c8343b9499ab9fd8cb33a9efc7adb99328993f96fc81c22967a3afa

  • SSDEEP

    49152:CMKO1on9iWK6q/C3luTg5Iokb7yfFTW8ibDw348JKVi+KmD6gAGbnwFk:C01Zb6qwuoIpb73Fb84oKzJAGZ

Malware Config

Extracted

Family

lumma

C2

https://showpanicke.shop/api

Targets

    • Target

      2524ba86ad74354568814ce10acaf5b1d2051c9769c384849306c4288899ee60.exe

    • Size

      3.1MB

    • MD5

      b0f809ab05260749f441911a983d2653

    • SHA1

      cbb1ea7e30c543e06325e130bad735c4be05bb10

    • SHA256

      2524ba86ad74354568814ce10acaf5b1d2051c9769c384849306c4288899ee60

    • SHA512

      d2489ed344f8a96f2a4544f1572ffdc5b5db078e839b0fa7c07902647720eb50a573af2a5c8343b9499ab9fd8cb33a9efc7adb99328993f96fc81c22967a3afa

    • SSDEEP

      49152:CMKO1on9iWK6q/C3luTg5Iokb7yfFTW8ibDw348JKVi+KmD6gAGbnwFk:C01Zb6qwuoIpb73Fb84oKzJAGZ

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Lumma family

    • .NET Reactor proctector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.