Deep Static Analysis — LummaC2 | Threat: critical
File Identity
| Field | Value |
|---|---|
| SHA256 | b119c2e196698a2a7567d8c250325153b532300d889a6cf70a341c059318d4b0 |
| MD5 | 3b6cbde306806f446801a46506947cf1 |
| SHA1 | 37fa13afd760fbed5547b6a164f34d114435a26b |
| Size | 1103360 bytes |
| Type | /opt/ksentinel/samples/b119c2e196698a2a_Maxonic.exe: PE32 executable (GUI) Intel |
| Compiled | Unknown |
| Packer | UPX |
C2 address: encrypted/obfuscated config (could not be resolved by static analysis)
Capabilities
- Telegram C2
- TCP Socket C2
Developer Hints
PDB Path: not recovered (the extraction command failed with a shell syntax error)
Email: c@5.ad
Telegram: @7cSyF @DVpH @eQcu @hv5Hy5 @hyAU
PE Analysis
Security Scan
- file entropy: 7.976962 (probably packed)
- fpu anti-disassembly: no
- imagebase: normal
- entrypoint: normal
- DOS stub:
Import Table
| Library | Function | Hint |
|---|---|---|
| MSVCRT.dll | memset | 665 |
| MSVCRT.dll | wcsncmp | 744 |
Binwalk / Packer
| DECIMAL | HEXADECIMAL | DESCRIPTION |
|---|---|---|
| 0 | 0x0 | Microsoft executable, portable (PE) |
| 74184 | | |
Family Detection
No string evidence found (encrypted/obfuscated).
LummaC2 — Malware Profile
LummaC2 (Lumma Stealer). Maxonic.exe is a spoofed brand name. Babadeda crypter. Version check via RtlGetVersion.
Malware Type
Infostealer
Programming Language
C/C++
C2 Protocol
HTTP/HTTPS
Target Systems
Global
Capabilities & Behavior
- Browser credential theft
- Cookie theft
- Crypto wallet theft
- System information collection
- Screenshot capture
- FTP/SSH client password theft
- Email client data theft
- Data exfiltration
IOC List (5 indicators reported: 3 file hashes recovered; the filepath extraction failed)
IOC — LummaC2
| Type | Value | Note |
|---|---|---|
| sha1 | 37fa13afd760fbed5547b6a164f34d114435a26b | |
| sha256 | b119c2e196698a2a7567d8c250325153b532300d889a6cf70a341c059318d4b0 | |
| md5 | 3b6cbde306806f446801a46506947cf1 | |
| filepath | (not recovered) | extraction command failed with a shell syntax error; no path was extracted |