General

  • Target

    https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbFdhTGszdFByQTdOd1kwcXRuWTk3UjctOEFLUXxBQ3Jtc0ttUGdIcG0zQlFPSjBZR3g1QUtfdzc4WHNHQmpJM3JKLVRjcnRCcVNUcWdrZnVrUXMzcjRna1ZFaG04aEdLNFZ4eEtDN2RnMlRDdzFnQ1hoNzg0dU9ldnJsb2Jka1I0V3BQLURiUTRRZlpZa0pTZldsWQ&q=https%3A%2F%2Fwww.mediafire.com%2Ffolder%2Fpcu35b6nrb60w%2FqeUaxJCA3FO&v=LWkyxNcQVdc

  • Sample

    240704-3a5qeavfpk

Score: 10/10

Malware Config

Extracted

Family: lumma

C2: https://citizencenturygoodwk.shop/api

Targets

    • Target

      https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbFdhTGszdFByQTdOd1kwcXRuWTk3UjctOEFLUXxBQ3Jtc0ttUGdIcG0zQlFPSjBZR3g1QUtfdzc4WHNHQmpJM3JKLVRjcnRCcVNUcWdrZnVrUXMzcjRna1ZFaG04aEdLNFZ4eEtDN2RnMlRDdzFnQ1hoNzg0dU9ldnJsb2Jka1I0V3BQLURiUTRRZlpZa0pTZldsWQ&q=https%3A%2F%2Fwww.mediafire.com%2Ffolder%2Fpcu35b6nrb60w%2FqeUaxJCA3FO&v=LWkyxNcQVdc

    Score: 10/10

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Executes dropped EXE

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks