General
-
Target
https://www.youtube.com/redirect?event=comments&redir_token=QUFFLUhqbXgzUGZwQjdSZVNQRVNadHVOMXo2MW1Kb1d4UXxBQ3Jtc0trTzdjb0tSTktteWowcHN1TVZkdDAxY3czRENxa2lJNHgwTXlFVnZmTi1tRklncnZ3TG14cVJzYXRBRnBlWWhoZkRJcXNqaWNyN2xLWkpvRmNLT09oNlM1SF9fb3NmdGJfc2NQallXdlA0UjhCNGcxVQ&q=https%3A%2F%2Fwww.mediafire.com%2Ffolder%2Fb0grvem9rqtd3%2FWave
-
Sample
241229-3p9b5s1jcs
Malware Config
Extracted
lumma
https://hummskitnj.buzz/api
https://cashfuzysao.buzz/api
https://appliacnesot.buzz/api
https://screwamusresz.buzz/api
https://inherineau.buzz/api
https://scentniej.buzz/api
https://rebuildeso.buzz/api
https://prisonyfork.buzz/api
https://begguinnerz.biz/api
Extracted
lumma
https://begguinnerz.biz/api
Targets
-
-
Target
https://www.youtube.com/redirect?event=comments&redir_token=QUFFLUhqbXgzUGZwQjdSZVNQRVNadHVOMXo2MW1Kb1d4UXxBQ3Jtc0trTzdjb0tSTktteWowcHN1TVZkdDAxY3czRENxa2lJNHgwTXlFVnZmTi1tRklncnZ3TG14cVJzYXRBRnBlWWhoZkRJcXNqaWNyN2xLWkpvRmNLT09oNlM1SF9fb3NmdGJfc2NQallXdlA0UjhCNGcxVQ&q=https%3A%2F%2Fwww.mediafire.com%2Ffolder%2Fb0grvem9rqtd3%2FWave
Score10/10-
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
-
Lumma family
-
A potential corporate email address has been identified in the URL: [email protected]
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Enumerates processes with tasklist
-