| bitbucket.org/smarthome234/kitchen/downloads/LummaC2.exe | 104.192.141.1 | 302 Found | 0 B |
URL User Request GET HTTP/2bitbucket.org/smarthome234/kitchen/downloads/LummaC2.exe IP104.192.141.1:443
CertificateIssuerDigiCert Inc Subjectbitbucket.org FingerprintBF:7C:47:A3:25:75:32:6E:C5:F8:EA:29:E6:BD:BA:2D:A7:99:28:78 ValidityWed, 13 Mar 2024 00:00:00 GMT - Sun, 13 Apr 2025 23:59:59 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smarthome234/kitchen/downloads/LummaC2.exe HTTP/1.1
Host: bitbucket.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: envoy
x-usage-quota-remaining: 999131.146
vary: Accept-Language, Origin
x-usage-request-cost: 882.13
cache-control: max-age=0, no-cache, no-store, must-revalidate, private
content-type: text/html; charset=utf-8
x-b3-traceid: b1e11a78892d727b
x-usage-output-ops: 0
x-used-mesh: False
x-dc-location: Micros-3
content-security-policy: object-src 'none'; connect-src bitbucket.org *.bitbucket.org bb-inf.net *.bb-inf.net id.atlassian.com api.atlassian.com api.stg.atlassian.com wss://bitbucketci-ws-service.services.atlassian.com/ wss://bitbucketci-ws-service.stg.services.atlassian.com/ wss://bitbucketci-ws-service.dev.services.atlassian.com/ analytics.atlassian.com atlassian-cookies--categories.us-east-1.prod.public.atl-paas.net as.atlassian.com api-private.stg.atlassian.com api-private.atlassian.com atl-global.atlassian.com cofs.staging.public.atl-paas.net cofs.prod.public.atl-paas.net fd-assets.prod.atl-paas.net flight-deck-assets-bifrost.prod-east.frontend.public.atl-paas.net intake.opbeat.com api.media.atlassian.com api.segment.io xid.statuspage.io xid.atlassian.com xid.sourcetreeapp.com bam.nr-data.net bam-cell.nr-data.net www.google-analytics.com sentry.io *.ingest.sentry.io events.launchdarkly.com app.launchdarkly.com fd-config.us-east-1.prod.public.atl-paas.net fd-config-bifrost.prod-east.frontend.public.atl-paas.net app.pendo.io data.pendo.io pendo-static-6266914010103808.storage.googleapis.com micros--prod-west--bitbucketci-file-service--files.s3.us-west-1.amazonaws.com micros--stg-west--bitbucketci-file-service--files.s3.us-west-1.amazonaws.com micros--ddev-west--bitbucketci-file-service--files.s3.ap-southeast-2.amazonaws.com bqlf8qjztdtr.statuspage.io https://d301sr5gafysq2.cloudfront.net/ https://d136azpfpnge1l.cloudfront.net/; base-uri 'self'; frame-ancestors 'self' start.atlassian.com start.stg.atlassian.com atlaskit.atlassian.com bitbucket.org app.pendo.io; script-src 'unsafe-eval' 'strict-dynamic' 'unsafe-inline' 'self' http: https: https://remote-app-switcher.stg-east.frontend.public.atl-paas.net https://remote-app-switcher.prod-east.frontend.public.atl-paas.net app.pendo.io cdn.pendo.io data.pendo.io pendo-io-static.storage.googleapis.com pendo-static-6266914010103808.storage.googleapis.com https://d301sr5gafysq2.cloudfront.net/ https://d136azpfpnge1l.cloudfront.net/; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *; style-src 'self' 'unsafe-inline' https://aui-cdn.atlassian.com/ https://cdn.cookielaw.org/ app.pendo.io cdn.pendo.io pendo-static-6266914010103808.storage.googleapis.com https://d301sr5gafysq2.cloudfront.net/ https://d136azpfpnge1l.cloudfront.net/; report-uri https://web-security-reports.services.atlassian.com/csp-report/bb-website
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 16 Apr 2024 05:45:35 GMT
x-usage-user-time: 0.025612
x-usage-system-time: 0.000852
location: https://bbuseruploads.s3.amazonaws.com/59f03e88-1d8b-4a0c-a429-3c0c2c2c55dd/downloads/832e4b53-6595-4470-881a-c0268090bb0d/LummaC2.exe?response-content-disposition=attachment%3B%20filename%3D%22LummaC2.exe%22&AWSAccessKeyId=ASIA6KOSE3BNANPHWT6E&Signature=7cYmhueFhmX1S5vzm4We2iKjd4M%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEH4aCXVzLWVhc3QtMSJHMEUCIEolLr1ZKgk4LUi%2BVMbEh7a83AXsAF4RCBYIHNmUVt%2FLAiEA8l2XVRLVb404tZKPueHlf2XTv6E1xlZdEMh51f3hSc8qsAIIt%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw5ODQ1MjUxMDExNDYiDGUu6wwO%2BsptRXLyZyqEAuV1i0jnKYVI1xp8VEhdG71Mn%2FttwcMTOAfDTBKTh1QFwy7LhK4rdwJZWwKx9J7qCVh5OBWhOLtHpwHNrcWSOz5Zrahog%2B1EOd15CaBmYre9MfZ3%2BSNoQQISftHZsO7wEieNjK85IgWoGWqlKpN98NFd5sh%2FIjMWzxvjL9IZnYGmw1zs%2BlLzUst7Bst8gLjlO0vvBWubT4MqGUkkuHxjHm9EI5SGbywOBt0eSTU9WRcvJeYpLWZ6tTK4RmFnciLV4JrGX00ke7Yb2%2FCzKLDMNRsHWcgwUEZXcgjFN4re6dshJopkRxmq%2F5SamTQ1KP4mkg%2BC0gEnGhs2InaB3X111nL6dUfGMPKg%2BLAGOp0Bxs5hMnSlnepw51KdTs%2BgpAdegmHJxZ2O%2FXo%2BvZxyPAd%2BFW9TD%2BqfNt8vtg8dFEr3Q0HqvQMOQKz2AXaYQ8q2pD%2B0OY%2F6fo5jV2ajKlizIPHbza0OYWvEeTREu0s6bFJZw9kcQjdvsYGCaP9bfupr0c1fxIdWilmgKH7%2Ftlk%2F3ZJ8BG6381UzPjoKy0%2F6u6MtlI2Ea2csMic%2BOsIYdg%3D%3D&Expires=1713248122
expires: Tue, 16 Apr 2024 05:45:35 GMT
x-served-by: 912c86ab66ee
x-envoy-upstream-service-time: 56
content-language: en
x-view-name: bitbucket.apps.downloads.views.download_file
x-b3-spanid: b1e11a78892d727b
x-static-version: 558b2bbe7a88
x-render-time: 0.044248104095458984
x-usage-input-ops: 0
x-version: 558b2bbe7a88
x-request-count: 1645
x-frame-options: SAMEORIGIN
x-cache-info: not cacheable; response specified "Cache-Control: no-cache"
content-length: 0
X-Firefox-Spdy: h2
|
| bbuseruploads.s3.amazonaws.com/59f03e88-1d8b-4a0c-a429-3c0c2c2c55dd/downloads/832e4b53-6595-4470-881a-c0268090bb0d/LummaC2.exe?response-content-disposition=attachment%3B%20filename%3D%22LummaC2.exe%22&AWSAccessKeyId=ASIA6KOSE3BNANPHWT6E&Signature=7cYmhueFhmX1S5vzm4We2iKjd4M%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEH4aCXVzLWVhc3QtMSJHMEUCIEolLr1ZKgk4LUi%2BVMbEh7a83AXsAF4RCBYIHNmUVt%2FLAiEA8l2XVRLVb404tZKPueHlf2XTv6E1xlZdEMh51f3hSc8qsAIIt%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw5ODQ1MjUxMDExNDYiDGUu6wwO%2BsptRXLyZyqEAuV1i0jnKYVI1xp8VEhdG71Mn%2FttwcMTOAfDTBKTh1QFwy7LhK4rdwJZWwKx9J7qCVh5OBWhOLtHpwHNrcWSOz5Zrahog%2B1EOd15CaBmYre9MfZ3%2BSNoQQISftHZsO7wEieNjK85IgWoGWqlKpN98NFd5sh%2FIjMWzxvjL9IZnYGmw1zs%2BlLzUst7Bst8gLjlO0vvBWubT4MqGUkkuHxjHm9EI5SGbywOBt0eSTU9WRcvJeYpLWZ6tTK4RmFnciLV4JrGX00ke7Yb2%2FCzKLDMNRsHWcgwUEZXcgjFN4re6dshJopkRxmq%2F5SamTQ1KP4mkg%2BC0gEnGhs2InaB3X111nL6dUfGMPKg%2BLAGOp0Bxs5hMnSlnepw51KdTs%2BgpAdegmHJxZ2O%2FXo%2BvZxyPAd%2BFW9TD%2BqfNt8vtg8dFEr3Q0HqvQMOQKz2AXaYQ8q2pD%2B0OY%2F6fo5jV2ajKlizIPHbza0OYWvEeTREu0s6bFJZw9kcQjdvsYGCaP9bfupr0c1fxIdWilmgKH7%2Ftlk%2F3ZJ8BG6381UzPjoKy0%2F6u6MtlI2Ea2csMic%2BOsIYdg%3D%3D&Expires=1713248122 | 52.217.166.89 | 200 OK | 858 kB |
URL User Request GET HTTP/1.1bbuseruploads.s3.amazonaws.com/59f03e88-1d8b-4a0c-a429-3c0c2c2c55dd/downloads/832e4b53-6595-4470-881a-c0268090bb0d/LummaC2.exe?response-content-disposition=attachment%3B%20filename%3D%22LummaC2.exe%22&AWSAccessKeyId=ASIA6KOSE3BNANPHWT6E&Signature=7cYmhueFhmX1S5vzm4We2iKjd4M%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEH4aCXVzLWVhc3QtMSJHMEUCIEolLr1ZKgk4LUi%2BVMbEh7a83AXsAF4RCBYIHNmUVt%2FLAiEA8l2XVRLVb404tZKPueHlf2XTv6E1xlZdEMh51f3hSc8qsAIIt%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw5ODQ1MjUxMDExNDYiDGUu6wwO%2BsptRXLyZyqEAuV1i0jnKYVI1xp8VEhdG71Mn%2FttwcMTOAfDTBKTh1QFwy7LhK4rdwJZWwKx9J7qCVh5OBWhOLtHpwHNrcWSOz5Zrahog%2B1EOd15CaBmYre9MfZ3%2BSNoQQISftHZsO7wEieNjK85IgWoGWqlKpN98NFd5sh%2FIjMWzxvjL9IZnYGmw1zs%2BlLzUst7Bst8gLjlO0vvBWubT4MqGUkkuHxjHm9EI5SGbywOBt0eSTU9WRcvJeYpLWZ6tTK4RmFnciLV4JrGX00ke7Yb2%2FCzKLDMNRsHWcgwUEZXcgjFN4re6dshJopkRxmq%2F5SamTQ1KP4mkg%2BC0gEnGhs2InaB3X111nL6dUfGMPKg%2BLAGOp0Bxs5hMnSlnepw51KdTs%2BgpAdegmHJxZ2O%2FXo%2BvZxyPAd%2BFW9TD%2BqfNt8vtg8dFEr3Q0HqvQMOQKz2AXaYQ8q2pD%2B0OY%2F6fo5jV2ajKlizIPHbza0OYWvEeTREu0s6bFJZw9kcQjdvsYGCaP9bfupr0c1fxIdWilmgKH7%2Ftlk%2F3ZJ8BG6381UzPjoKy0%2F6u6MtlI2Ea2csMic%2BOsIYdg%3D%3D&Expires=1713248122 IP52.217.166.89:443
CertificateIssuerAmazon Subject*.s3.amazonaws.com FingerprintDC:41:A6:3E:EE:32:6F:36:76:5A:EF:9D:17:AF:14:13:E3:05:C6:D1 ValidityTue, 10 Oct 2023 00:00:00 GMT - Wed, 03 Jul 2024 23:59:59 GMT
File typePE32 executable (GUI) Intel 80386, for MS Windows, 4 sections Size858 kB (858112 bytes) Hash3981a20d799d93e59a8e05f1edde681e 74cc1effb5992568eb056114de99baecc3ff611a 779e6d552264e0b4ff17c2c98d142bb15f135c44bb2ca61b17a9d8b1f2e39544
Analyzer | Verdict | Alert | Public Nextron YARA rules | malware | Detects malware by known bad imphash or rich_pe_header_hash |
GET /59f03e88-1d8b-4a0c-a429-3c0c2c2c55dd/downloads/832e4b53-6595-4470-881a-c0268090bb0d/LummaC2.exe?response-content-disposition=attachment%3B%20filename%3D%22LummaC2.exe%22&AWSAccessKeyId=ASIA6KOSE3BNANPHWT6E&Signature=7cYmhueFhmX1S5vzm4We2iKjd4M%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEH4aCXVzLWVhc3QtMSJHMEUCIEolLr1ZKgk4LUi%2BVMbEh7a83AXsAF4RCBYIHNmUVt%2FLAiEA8l2XVRLVb404tZKPueHlf2XTv6E1xlZdEMh51f3hSc8qsAIIt%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw5ODQ1MjUxMDExNDYiDGUu6wwO%2BsptRXLyZyqEAuV1i0jnKYVI1xp8VEhdG71Mn%2FttwcMTOAfDTBKTh1QFwy7LhK4rdwJZWwKx9J7qCVh5OBWhOLtHpwHNrcWSOz5Zrahog%2B1EOd15CaBmYre9MfZ3%2BSNoQQISftHZsO7wEieNjK85IgWoGWqlKpN98NFd5sh%2FIjMWzxvjL9IZnYGmw1zs%2BlLzUst7Bst8gLjlO0vvBWubT4MqGUkkuHxjHm9EI5SGbywOBt0eSTU9WRcvJeYpLWZ6tTK4RmFnciLV4JrGX00ke7Yb2%2FCzKLDMNRsHWcgwUEZXcgjFN4re6dshJopkRxmq%2F5SamTQ1KP4mkg%2BC0gEnGhs2InaB3X111nL6dUfGMPKg%2BLAGOp0Bxs5hMnSlnepw51KdTs%2BgpAdegmHJxZ2O%2FXo%2BvZxyPAd%2BFW9TD%2BqfNt8vtg8dFEr3Q0HqvQMOQKz2AXaYQ8q2pD%2B0OY%2F6fo5jV2ajKlizIPHbza0OYWvEeTREu0s6bFJZw9kcQjdvsYGCaP9bfupr0c1fxIdWilmgKH7%2Ftlk%2F3ZJ8BG6381UzPjoKy0%2F6u6MtlI2Ea2csMic%2BOsIYdg%3D%3D&Expires=1713248122 HTTP/1.1
Host: bbuseruploads.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: mwlMTtpT+NOwlL3/HIUpqef/EYHgIVRDlkL2rQ2X3S+cvgWZdjkxfJ7o/wcqIrGBBMI3/oxEDcs=
x-amz-request-id: TA7Y1Z10CDV81QT0
Date: Tue, 16 Apr 2024 05:45:37 GMT
Last-Modified: Sun, 02 Jul 2023 14:20:36 GMT
ETag: "3981a20d799d93e59a8e05f1edde681e"
x-amz-server-side-encryption: AES256
x-amz-version-id: qgHfFKLqgpjH7hOCoCBBKl3cra0k8E5R
Content-Disposition: attachment; filename="LummaC2.exe"
Accept-Ranges: bytes
Content-Type: application/x-msdownload
Server: AmazonS3
Content-Length: 858112
|