Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://youtube.com

windows10-ltsc 2021-x64

10

Resubmissions

26-12-2024 12:33

241226-pq936swkbl 10

26-12-2024 12:21

241226-pjphwsvrgp 10

26-12-2024 12:12

241226-pdcbdavpax 10

23-12-2024 17:23

241223-vyh8bawkdz 10

23-12-2024 17:02

241223-vj7x5avqfs 7

23-12-2024 16:41

241223-t6493svnav 10

23-12-2024 16:30

241223-tz4d7svldy 4

23-12-2024 16:09

241223-tl5ecatrcv 10

22-12-2024 23:42

241222-3qhwksskhk 6

22-12-2024 23:31

241222-3hxprssjgm 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    https://youtube.com

  • Sample

    241222-3hxprssjgm

Score
10/10
lummadiscoveryexecutionpersistencephishingstealer

Malware Config

Extracted

Family

lumma

Targets

    • Target

      https://youtube.com

    Score
    10/10
    lummadiscoveryexecutionpersistencephishingstealer

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

      stealerlumma

    • Lumma family

      lumma

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • A potential corporate email address has been identified in the URL: [email protected]

      phishing

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks