General
-
Target
https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbFdhTGszdFByQTdOd1kwcXRuWTk3UjctOEFLUXxBQ3Jtc0ttUGdIcG0zQlFPSjBZR3g1QUtfdzc4WHNHQmpJM3JKLVRjcnRCcVNUcWdrZnVrUXMzcjRna1ZFaG04aEdLNFZ4eEtDN2RnMlRDdzFnQ1hoNzg0dU9ldnJsb2Jka1I0V3BQLURiUTRRZlpZa0pTZldsWQ&q=https%3A%2F%2Fwww.mediafire.com%2Ffolder%2Fpcu35b6nrb60w%2FqeUaxJCA3FO&v=LWkyxNcQVdc
-
Sample
240704-3a5qeavfpk
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbFdhTGszdFByQTdOd1kwcXRuWTk3UjctOEFLUXxBQ3Jtc0ttUGdIcG0zQlFPSjBZR3g1QUtfdzc4WHNHQmpJM3JKLVRjcnRCcVNUcWdrZnVrUXMzcjRna1ZFaG04aEdLNFZ4eEtDN2RnMlRDdzFnQ1hoNzg0dU9ldnJsb2Jka1I0V3BQLURiUTRRZlpZa0pTZldsWQ&q=https%3A%2F%2Fwww.mediafire.com%2Ffolder%2Fpcu35b6nrb60w%2FqeUaxJCA3FO&v=LWkyxNcQVdc
Resource
win10v2004-20240704-en
Malware Config
Extracted
lumma
https://citizencenturygoodwk.shop/api
Targets
-
-
Target
https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbFdhTGszdFByQTdOd1kwcXRuWTk3UjctOEFLUXxBQ3Jtc0ttUGdIcG0zQlFPSjBZR3g1QUtfdzc4WHNHQmpJM3JKLVRjcnRCcVNUcWdrZnVrUXMzcjRna1ZFaG04aEdLNFZ4eEtDN2RnMlRDdzFnQ1hoNzg0dU9ldnJsb2Jka1I0V3BQLURiUTRRZlpZa0pTZldsWQ&q=https%3A%2F%2Fwww.mediafire.com%2Ffolder%2Fpcu35b6nrb60w%2FqeUaxJCA3FO&v=LWkyxNcQVdc
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-