General
-
Target
https://www.youtube.com/redirect?event=channel_header&redir_token=QUFFLUhqa0U5S1Z3QmdoZEtMVzhqWUtJS0lOQXNtcThkQXxBQ3Jtc0ttSm9KLWpBZkdjYjk3V3FTS1VzS2ZITzNGMHlENmJDa1hqNVdQRWJSMTBuSnFMblZsSDdRVjZVaW1jZEhGQ2hiTTdGa0hXc183cVlPZ29QR1d1OTFUTmYtU0R5T056SXF2Q2hYaGdwNGRaUGlXWG5OUQ&q=https%3A%2F%2Fupload.advgroup.ru%2FmvWwiE4h
-
Sample
240707-12tq4s1fkb
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://www.youtube.com/redirect?event=channel_header&redir_token=QUFFLUhqa0U5S1Z3QmdoZEtMVzhqWUtJS0lOQXNtcThkQXxBQ3Jtc0ttSm9KLWpBZkdjYjk3V3FTS1VzS2ZITzNGMHlENmJDa1hqNVdQRWJSMTBuSnFMblZsSDdRVjZVaW1jZEhGQ2hiTTdGa0hXc183cVlPZ29QR1d1OTFUTmYtU0R5T056SXF2Q2hYaGdwNGRaUGlXWG5OUQ&q=https%3A%2F%2Fupload.advgroup.ru%2FmvWwiE4h
Resource
win10v2004-20240704-en
Behavioral task
behavioral2
Sample
https://www.youtube.com/redirect?event=channel_header&redir_token=QUFFLUhqa0U5S1Z3QmdoZEtMVzhqWUtJS0lOQXNtcThkQXxBQ3Jtc0ttSm9KLWpBZkdjYjk3V3FTS1VzS2ZITzNGMHlENmJDa1hqNVdQRWJSMTBuSnFMblZsSDdRVjZVaW1jZEhGQ2hiTTdGa0hXc183cVlPZ29QR1d1OTFUTmYtU0R5T056SXF2Q2hYaGdwNGRaUGlXWG5OUQ&q=https%3A%2F%2Fupload.advgroup.ru%2FmvWwiE4h
Resource
win11-20240704-en
Malware Config
Extracted
lumma
https://bitchsafettyudjwu.shop/api
Targets
-
-
Target
https://www.youtube.com/redirect?event=channel_header&redir_token=QUFFLUhqa0U5S1Z3QmdoZEtMVzhqWUtJS0lOQXNtcThkQXxBQ3Jtc0ttSm9KLWpBZkdjYjk3V3FTS1VzS2ZITzNGMHlENmJDa1hqNVdQRWJSMTBuSnFMblZsSDdRVjZVaW1jZEhGQ2hiTTdGa0hXc183cVlPZ29QR1d1OTFUTmYtU0R5T056SXF2Q2hYaGdwNGRaUGlXWG5OUQ&q=https%3A%2F%2Fupload.advgroup.ru%2FmvWwiE4h
Score10/10-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-