General

  • Target

    https://github.com/grandroylgayelite9/YTtool/releases/download/1/gitsoft_v1.19.7z

  • Sample

    240802-2h1kzstbnr

Malware Config

Extracted

Family

lumma

C2

Targets

    • Target

      https://github.com/grandroylgayelite9/YTtool/releases/download/1/gitsoft_v1.19.7z

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++, first seen in August 2022.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks