General
-
Target
https://www.youtube.com/redirect?event=backstage_event&redir_token=QUFFLUhqbU1PSWd2UGpJRC1FRzRXcXJvR2Z3enN0WnFmUXxBQ3Jtc0tsbGlCM08yWURTNm1RLTNMVEtzUzhhM3JnQ1REN1VCVTc4d0N4dnlsLVFjNzB1SE84M1YxZFJlcVp4U2M3LWIwLWEtOVJkb2NneGVycUZlb2U5OUZKQXk2ZGVGVkVuN0ZQc0Z0UzNlNzRSd3N4SjRHYw&q=https%3A%2F%2Fsites.google.com%2Fview%2Fdrcheats5
-
Sample
250314-wtmwdawwcx
Malware Config
Extracted
lumma
https://hingehjan.shop/api
https://featureccus.shop/api
https://mrodularmall.top/api
https://jowinjoinery.icu/api
https://wlegenassedk.top/api
https://htardwarehu.icu/api
https://cjlaspcorne.icu/api
https://.bugildbett.top/api
https://latchclan.shop/api
Extracted
latrodectus
1.4
https://remustarofilac.com/test/
https://horetimodual.com/test/
-
group
Ferrary
-
user_agent
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
Targets
-
-
Target
https://www.youtube.com/redirect?event=backstage_event&redir_token=QUFFLUhqbU1PSWd2UGpJRC1FRzRXcXJvR2Z3enN0WnFmUXxBQ3Jtc0tsbGlCM08yWURTNm1RLTNMVEtzUzhhM3JnQ1REN1VCVTc4d0N4dnlsLVFjNzB1SE84M1YxZFJlcVp4U2M3LWIwLWEtOVJkb2NneGVycUZlb2U5OUZKQXk2ZGVGVkVuN0ZQc0Z0UzNlNzRSd3N4SjRHYw&q=https%3A%2F%2Fsites.google.com%2Fview%2Fdrcheats5
Score10/10-
Latrodectus family
-
Latrodectus loader
Latrodectus is a loader written in C++.
-
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
-
Lumma family
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Network Share Discovery
Attempt to gather information on host network.
-
Suspicious use of SetThreadContext
-