General
-
Target
https://www.youtube.com/redirect?event=comments&redir_token=QUFFLUhqbExUNVRSY19WUHA2TW4zSk1WNlEwNFBaNGVyQXxBQ3Jtc0trZnlWNWRid0xWeTNHYm5NQ3ZZTW1PLThYQThQcW9OY0Vob3JwSzZTdGtoSVBNWGFKVVdCNXdXSmlyeWNNVVJaYlV5bm1aRjlwaVltdUc3Q0xmcU42aTNoVDZfZklhWWJHeDIzcTdfQ3I3MXoyMDFTdw&q=https%3A%2F%2Froxploits.ws%2F
-
Sample
250101-xzacxayrgv
Malware Config
Extracted
lumma
https://cloudewahsj.shop/api
https://rabidcowse.shop/api
https://noisycuttej.shop/api
https://tirepublicerj.shop/api
https://framekgirus.shop/api
https://wholersorie.shop/api
https://abruptyopsn.shop/api
https://nearycrepso.shop/api
Extracted
lumma
https://abruptyopsn.shop/api
https://wholersorie.shop/api
https://framekgirus.shop/api
https://tirepublicerj.shop/api
https://noisycuttej.shop/api
https://rabidcowse.shop/api
https://cloudewahsj.shop/api
Targets
-
-
Target
https://www.youtube.com/redirect?event=comments&redir_token=QUFFLUhqbExUNVRSY19WUHA2TW4zSk1WNlEwNFBaNGVyQXxBQ3Jtc0trZnlWNWRid0xWeTNHYm5NQ3ZZTW1PLThYQThQcW9OY0Vob3JwSzZTdGtoSVBNWGFKVVdCNXdXSmlyeWNNVVJaYlV5bm1aRjlwaVltdUc3Q0xmcU42aTNoVDZfZklhWWJHeDIzcTdfQ3I3MXoyMDFTdw&q=https%3A%2F%2Froxploits.ws%2F
Score10/10-
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
-
Lumma family
-
A potential corporate email address has been identified in the URL: =@L
-
Legitimate hosting services abused for malware hosting/C2
-