Resubmissions

25-05-2024 12:09

240525-pbs64saa42 6

23-05-2024 14:41

240523-r2rgbaef5t 8

23-05-2024 13:11

240523-qe56hscc21 10

23-05-2024 13:11

240523-qe3qdscd66 1

23-05-2024 13:03

240523-qat8fsbh47 1

General

  • Target

    https://youtube.com

  • Sample

    240524-gc1nksfd24

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://museumtespaceorsp.shop/api

https://buttockdecarderwiso.shop/api

https://averageaattractiionsl.shop/api

https://femininiespywageg.shop/api

https://employhabragaomlsp.shop/api

https://stalfbaclcalorieeis.shop/api

https://civilianurinedtsraov.shop/api

https://roomabolishsnifftwk.shop/api

https://directorryversionyju.shop/api

https://entitlementappwo.shop/api

https://economicscreateojsu.shop/api

https://pushjellysingeywus.shop/api

https://absentconvicsjawun.shop/api

https://suitcaseacanehalk.shop/api

https://bordersoarmanusjuw.shop/api

https://mealplayerpreceodsju.shop/api

https://wifeplasterbakewis.shop/api

Targets

    • Target

      https://youtube.com

    Score
    10/10
    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks