General

  • Target

    https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbm9lQkFpY2FlMlRZYUFkelhDUXdZa0w0VHNvUXxBQ3Jtc0ttZkJGbWh3WEI1dXhZS1JHempHODF5NzRzdWlPNGZvdGRWUFUtUjgtZGZ3SWFKODBxNDM4R1B2ekMzV2paMzF5NnRjdXVncmtKSC0zOVZGWWZ1ZlJzd2FwNmxhOEY3U1QzZHEtMndncC1vajRSMW83Yw&q=https%3A%2F%2Ftinyurl.com%2Ftrustlauncherv1&v=7JQ1MYNGJMQ

  • Sample

    240801-a7vmgsxcmd

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://craackypotsis.shop/api

https://applyzxcksdia.shop/api

https://replacedoxcjzp.shop/api

https://declaredczxi.shop/api

https://catchddkxozvp.shop/api

https://arriveoxpzxo.shop/api

https://contemplateodszsv.shop/api

https://bindceasdiwozx.shop/api

https://conformfucdioz.shop/api

Extracted

Family

lumma

C2

https://applyzxcksdia.shop/api

Targets

    • Target

      https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbm9lQkFpY2FlMlRZYUFkelhDUXdZa0w0VHNvUXxBQ3Jtc0ttZkJGbWh3WEI1dXhZS1JHempHODF5NzRzdWlPNGZvdGRWUFUtUjgtZGZ3SWFKODBxNDM4R1B2ekMzV2paMzF5NnRjdXVncmtKSC0zOVZGWWZ1ZlJzd2FwNmxhOEY3U1QzZHEtMndncC1vajRSMW83Yw&q=https%3A%2F%2Ftinyurl.com%2Ftrustlauncherv1&v=7JQ1MYNGJMQ

    Score
    10/10
    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Enumerates processes with tasklist

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks