Overview

overview

10

Static

static

1

URLScan

urlscan

https://www.youtube....

windows10-1703-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    https://www.youtube.com/watch?v=5bE1QdZRBDs

  • Sample

    240906-nj1eqatdjn

Score
10/10
lummaredline@topgcrcredential_accessdiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

@topgcr

C2

185.196.9.26:6302

Extracted

Family

lumma

C2

https://condedqpwqm.shop/api

Targets

    • Target

      https://www.youtube.com/watch?v=5bE1QdZRBDs

    Score
    10/10
    lummaredline@topgcrcredential_accessdiscoveryinfostealerspywarestealer

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

      stealerlumma

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks