Deep Static Analysis — LummaC2 | Threat: critical

File Identity

SHA256:    b119c2e196698a2a7567d8c250325153b532300d889a6cf70a341c059318d4b0
MD5:       3b6cbde306806f446801a46506947cf1
SHA1:      37fa13afd760fbed5547b6a164f34d114435a26b
Size:      1103360 bytes
Type:      /opt/ksentinel/samples/b119c2e196698a2a_Maxonic.exe: PE32 executable (GUI) Intel
Compiled:  Unknown
Packer:    UPX
C2 Address: Encrypted/obfuscated config (could not be recovered by static analysis)

Capabilities

  • Telegram C2
  • TCP Socket C2

Developer Hints

PDB Path: none extracted (the extraction command failed with a bash syntax error)

Email: c@5.ad

Telegram: @7cSyF @DVpH @eQcu @hv5Hy5 @hyAU

PE Analysis

Security Scan

file entropy:                    7.976962 (probably packed)
fpu anti-disassembly:            no
imagebase:                       normal
entrypoint:                      normal
DOS stub:               

Import Table

Imported functions
    Library
        Name:                            MSVCRT.dll
        Functions
            Function
                Hint:                            665
                Name:                            memset
            Function
                Hint:                            744
                Name:                            wcsncmp
            Function
                H

Binwalk / Packer

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
0             0x0             Microsoft executable, portable (PE)
74184      

Family Detection

No string evidence found (encrypted/obfuscated).

LummaC2 — Malware Profile

LummaC2, also known as Lumma Stealer. Maxonic.exe is a spoofed brand name. Babadeda crypter. OS version check via RtlGetVersion.

Malware Type:          Infostealer
Programming Language:  C/C++
C2 Protocol:           HTTP/HTTPS
Target Systems:        Global

Capabilities & Behavior

Browser Credentials
Cookie Theft
Cryptocurrency Wallet Theft
System Information
Screenshot Capture
FTP/SSH Client Passwords
Email Client Theft
Data Exfiltration

IOC List (5 indicators)

IOC — LummaC2
Type      Value                                                             Note
sha1      37fa13afd760fbed5547b6a164f34d114435a26b
sha256    b119c2e196698a2a7567d8c250325153b532300d889a6cf70a341c059318d4b0
md5       3b6cbde306806f446801a46506947cf1
filepath  (none extracted)                                                  extraction command failed with a bash syntax error
filepath  (none extracted)                                                  extraction command failed with a bash syntax error
Tags
lummac2, static-analysis, critical, c2, ioc, pe