General
-
Target
2524ba86ad74354568814ce10acaf5b1d2051c9769c384849306c4288899ee60.exe
-
Size
3.1MB
-
Sample
250113-xttvcstphx
-
MD5
b0f809ab05260749f441911a983d2653
-
SHA1
cbb1ea7e30c543e06325e130bad735c4be05bb10
-
SHA256
2524ba86ad74354568814ce10acaf5b1d2051c9769c384849306c4288899ee60
-
SHA512
d2489ed344f8a96f2a4544f1572ffdc5b5db078e839b0fa7c07902647720eb50a573af2a5c8343b9499ab9fd8cb33a9efc7adb99328993f96fc81c22967a3afa
-
SSDEEP
49152:CMKO1on9iWK6q/C3luTg5Iokb7yfFTW8ibDw348JKVi+KmD6gAGbnwFk:C01Zb6qwuoIpb73Fb84oKzJAGZ
Static task
static1
Behavioral task
behavioral1
Sample
2524ba86ad74354568814ce10acaf5b1d2051c9769c384849306c4288899ee60.exe
Resource
win7-20241010-en
Malware Config
Extracted
lumma
https://showpanicke.shop/api
Targets
-
Target
2524ba86ad74354568814ce10acaf5b1d2051c9769c384849306c4288899ee60.exe
-
Lumma family
-
.NET Reactor protector
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-