General
-
Target
https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbnNVVmNhb3BpOE1KbzVEbkw1RE51T21FVVB0UXxBQ3Jtc0tuMU5HOWRBcDZscERoVW5mWm1xaHJydkp2WFh0VlJXSDhFV3lER0s4b0p1UGtrTlM3T2ludk10TUdrbkpKaHBNTjBiZUduOEFQU3M1dWgwci0wV3d3RXZPdUR3VmlQM1k2UkhncWRMM04zR3V6cGstNA&q=https%3A%2F%2Fsites.google.com%2Fview%2Fdrcheats6&v=tHcODQQm4mo
-
Sample
250315-cl3r3swpz8
Malware Config
Extracted
latrodectus
1.4
https://remustarofilac.com/test/
https://horetimodual.com/test/
-
group
Ferrary
-
user_agent
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
Extracted
lumma
https://hingehjan.shop/api
https://featureccus.shop/api
https://mrodularmall.top/api
https://jowinjoinery.icu/api
https://wlegenassedk.top/api
https://htardwarehu.icu/api
https://cjlaspcorne.icu/api
https://.bugildbett.top/api
https://latchclan.shop/api
Targets
-
-
Target
https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbnNVVmNhb3BpOE1KbzVEbkw1RE51T21FVVB0UXxBQ3Jtc0tuMU5HOWRBcDZscERoVW5mWm1xaHJydkp2WFh0VlJXSDhFV3lER0s4b0p1UGtrTlM3T2ludk10TUdrbkpKaHBNTjBiZUduOEFQU3M1dWgwci0wV3d3RXZPdUR3VmlQM1k2UkhncWRMM04zR3V6cGstNA&q=https%3A%2F%2Fsites.google.com%2Fview%2Fdrcheats6&v=tHcODQQm4mo
Score10/10-
Latrodectus family
-
Latrodectus loader
Latrodectus is a loader written in C++.
-
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
-
Lumma family
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-