General

Target: https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbm9lQkFpY2FlMlRZYUFkelhDUXdZa0w0VHNvUXxBQ3Jtc0ttZkJGbWh3WEI1dXhZS1JHempHODF5NzRzdWlPNGZvdGRWUFUtUjgtZGZ3SWFKODBxNDM4R1B2ekMzV2paMzF5NnRjdXVncmtKSC0zOVZGWWZ1ZlJzd2FwNmxhOEY3U1QzZHEtMndncC1vajRSMW83Yw&q=https%3A%2F%2Ftinyurl.com%2Ftrustlauncherv1&v=7JQ1MYNGJMQ
(a YouTube video-description redirect whose q parameter decodes to https://tinyurl.com/trustlauncherv1)
Sample: 240801-a7vmgsxcmd

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: the target URL above
Resource: win10v2004-20240730-en
Malware Config

Extracted: lumma
C2:
https://craackypotsis.shop/api
https://applyzxcksdia.shop/api
https://replacedoxcjzp.shop/api
https://declaredczxi.shop/api
https://catchddkxozvp.shop/api
https://arriveoxpzxo.shop/api
https://contemplateodszsv.shop/api
https://bindceasdiwozx.shop/api
https://conformfucdioz.shop/api

Extracted: lumma
C2 (second extraction; only one of the nine URLs above):
https://applyzxcksdia.shop/api
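The two indicators above (the YouTube redirect that hides the tinyurl hop, and the Lumma C2 list) are what an analyst turns into blocking and hunting logic. The following is an added example, not part of the Triage report and not Lumma or Triage code: it decodes the redirect's q parameter offline (the tinyurl hop is deliberately not resolved), normalises the C2 URLs to hostnames, and matches them, including subdomains, against proxy log lines. The log format and the log lines themselves are constructed for the example.

```python
"""Added example (not part of the Triage report): decode the YouTube redirect to its
real destination and turn the extracted Lumma C2 list into a matcher for proxy logs.
Indicators are copied from the report; the log format and log lines are constructed."""
import re
from urllib.parse import parse_qs, urlsplit

# Target URL from the report.
YOUTUBE_REDIRECT = "https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbm9lQkFpY2FlMlRZYUFkelhDUXdZa0w0VHNvUXxBQ3Jtc0ttZkJGbWh3WEI1dXhZS1JHempHODF5NzRzdWlPNGZvdGRWUFUtUjgtZGZ3SWFKODBxNDM4R1B2ekMzV2paMzF5NnRjdXVncmtKSC0zOVZGWWZ1ZlJzd2FwNmxhOEY3U1QzZHEtMndncC1vajRSMW83Yw&q=https%3A%2F%2Ftinyurl.com%2Ftrustlauncherv1&v=7JQ1MYNGJMQ"

# Lumma C2 URLs from the extracted config.
LUMMA_C2 = [
    "https://craackypotsis.shop/api",
    "https://applyzxcksdia.shop/api",
    "https://replacedoxcjzp.shop/api",
    "https://declaredczxi.shop/api",
    "https://catchddkxozvp.shop/api",
    "https://arriveoxpzxo.shop/api",
    "https://contemplateodszsv.shop/api",
    "https://bindceasdiwozx.shop/api",
    "https://conformfucdioz.shop/api",
]


def redirect_target(url):
    """Destination of a youtube.com/redirect link (its q parameter), else None.
    Only the URL is decoded; the tinyurl hop is not followed, so this runs offline."""
    parts = urlsplit(url)
    if parts.hostname not in ("www.youtube.com", "youtube.com") or parts.path != "/redirect":
        return None
    q = parse_qs(parts.query).get("q")
    return q[0] if q else None


def c2_hosts(urls):
    """Lower-cased hostnames of the C2 URLs, for matching against log host fields."""
    return {urlsplit(u).hostname.lower() for u in urls}


def is_c2_host(host, hosts):
    """True for an exact C2 hostname or any subdomain of one."""
    host = host.lower().rstrip(".")
    return host in hosts or any(host.endswith("." + h) for h in hosts)


# Constructed proxy log (not from the report): timestamp client method host path
SAMPLE_PROXY_LOG = """\
2024-08-01T10:02:11Z 10.0.0.7 GET www.youtube.com /redirect
2024-08-01T10:02:12Z 10.0.0.7 GET tinyurl.com /trustlauncherv1
2024-08-01T10:03:40Z 10.0.0.7 POST applyzxcksdia.shop /api
2024-08-01T10:03:41Z 10.0.0.9 GET example.com /index.html
2024-08-01T10:04:02Z 10.0.0.7 POST cdn.craackypotsis.shop /api
malformed line that the parser must skip
"""

LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+)$")


def find_c2_hits(log_text, hosts):
    """(timestamp, client, host) for each well-formed line whose host is a known C2."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed lines are skipped rather than crashing the sweep
        ts, client, _method, host, _path = m.groups()
        if is_c2_host(host, hosts):
            hits.append((ts, client, host.lower()))
    return hits


if __name__ == "__main__":
    print("redirects to:", redirect_target(YOUTUBE_REDIRECT))
    for hit in find_c2_hits(SAMPLE_PROXY_LOG, c2_hosts(LUMMA_C2)):
        print("C2 contact:", *hit)
```

Matching on hostnames rather than the full `/api` URL is deliberate: the path is trivially changed, while the registered domains are the indicator the config actually commits to.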
Targets

Target: the target URL above

Signatures
Suspicious use of NtCreateUserProcessOtherParentProcess
Creates a process with a parent other than the calling process (parent PID spoofing).
Downloads MZ/PE file
Downloads a Windows executable (MZ/PE header).
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
Executes dropped EXE
Enumerates processes with tasklist
Suspicious use of SetThreadContext
Overwrites a thread's register context, the API step process hollowing uses to redirect a suspended thread to injected code.
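The signatures above are behavioural rules evaluated over the API trace the sandbox records. As an added example, not Triage's signature code and not data captured from this sample, the block below replays a constructed API trace through a minimal rule engine that fires the same classes of signature: the registry country-code lookup, tasklist enumeration, execution of a file the trace saw being written, cross-process SetThreadContext, and process creation with a spoofed parent. The event shape, the field names, the registry value assumed for the geofence check (the user's GeoID under Control Panel\International\Geo\Nation) and the trace itself are this example's assumptions.

```python
"""Added example (not from the Triage report): a minimal rule engine that replays a
constructed API trace and fires the same classes of behavioural signature listed above.
The event shape, field names, registry key and the trace itself are this example's
assumptions, not Triage's signature implementation or data captured from the sample."""
import ntpath

# Registry value holding the user's GeoID (country code); assumed to be the kind of
# lookup behind "Checks computer location settings".
GEO_NATION_KEY = r"control panel\international\geo\nation"


def rule_geofence(ev, state):
    """Registry read of the configured country code."""
    return (ev["api"] in ("RegOpenKeyExW", "RegQueryValueExW")
            and GEO_NATION_KEY in ev["args"].get("key", "").lower())


def rule_tasklist(ev, state):
    """Process enumeration by launching tasklist.exe."""
    return (ev["api"] == "CreateProcessW"
            and ntpath.basename(ev["args"].get("image", "")).lower() == "tasklist.exe")


def rule_dropped_exe(ev, state):
    """Execution of an .exe that the same trace saw being written (stateful rule)."""
    written = state.setdefault("written", set())
    if ev["api"] in ("WriteFile", "NtWriteFile"):
        path = ev["args"].get("path", "").lower()
        if path.endswith(".exe"):
            written.add(path)
        return False
    return ev["api"] == "CreateProcessW" and ev["args"].get("image", "").lower() in written


def rule_set_thread_context(ev, state):
    """SetThreadContext on a thread of another process (hollowing / hijack pattern);
    a process rewriting its own thread's context is not flagged."""
    return ev["api"] == "SetThreadContext" and ev["args"].get("target_pid") != ev["pid"]


def rule_other_parent(ev, state):
    """NtCreateUserProcess with a parent attribute that is not the caller (PPID spoofing)."""
    parent = ev["args"].get("parent_pid")
    return ev["api"] == "NtCreateUserProcess" and parent is not None and parent != ev["pid"]


RULES = {
    "Checks computer location settings": rule_geofence,
    "Enumerates processes with tasklist": rule_tasklist,
    "Executes dropped EXE": rule_dropped_exe,
    "Suspicious use of SetThreadContext": rule_set_thread_context,
    "Suspicious use of NtCreateUserProcessOtherParentProcess": rule_other_parent,
}


def run_signatures(trace):
    """Names of the signatures the trace fires, in first-hit order. Every rule sees
    every event (so stateful rules keep accumulating), but each name is reported once."""
    fired, states = [], {name: {} for name in RULES}
    for ev in trace:
        for name, rule in RULES.items():
            if rule(ev, states[name]) and name not in fired:
                fired.append(name)
    return fired


# Constructed trace (not captured from the sample), one dict per API call.
SAMPLE_TRACE = [
    {"pid": 100, "api": "RegOpenKeyExW", "args": {"key": r"HKCU\Control Panel\International\Geo\Nation"}},
    {"pid": 100, "api": "CreateProcessW", "args": {"image": r"C:\Windows\System32\tasklist.exe"}},
    {"pid": 100, "api": "WriteFile", "args": {"path": r"C:\Users\user\AppData\Local\Temp\launcher.exe"}},
    {"pid": 100, "api": "NtCreateUserProcess", "args": {"image": r"C:\Windows\System32\cmd.exe", "parent_pid": 1234}},
    {"pid": 100, "api": "CreateProcessW", "args": {"image": r"C:\Users\user\AppData\Local\Temp\LAUNCHER.EXE"}},
    {"pid": 200, "api": "SetThreadContext", "args": {"target_pid": 200}},  # own thread: benign
    {"pid": 200, "api": "SetThreadContext", "args": {"target_pid": 300}},  # another process: flagged
]

if __name__ == "__main__":
    for name in run_signatures(SAMPLE_TRACE):
        print("fired:", name)
```

The dropped-EXE rule is the one worth noting: it needs state across events (a write followed later by an execute of the same path, compared case-insensitively because NTFS paths are), which is why each rule gets its own state dictionary rather than being a pure per-event predicate.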