Overview

overview

10

Static

static

1

URLScan

urlscan

https://github.com/N...

windows10-2004-x64

10

Resubmissions

15/03/2025, 15:46

250315-s7vllaxsey 10

15/03/2025, 15:34

250315-sztpbswzhs 6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    https://github.com/NordVPN-Crack-key

  • Sample

    250315-s7vllaxsey

Score
10/10
latrodectuslummadiscoveryloaderspywarestealer

Malware Config

Extracted

Family

lumma

C2

https://hingehjan.shop/api

https://featureccus.shop/api

https://wmrodularmall.top/api

https://jowinjoinery.icu/api

https://legenassedk.top/api

https://htardwarehu.icu/api

https://2cjlaspcorne.icu/api

https://bugildbett.top/api

https://6latchclan.shop/api

Extracted

Family

latrodectus

Version

1.4

C2

https://remustarofilac.com/test/

https://horetimodual.com/test/
Attributes
  • group

    Ferrary

  • user_agent

    Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)

aes.hex

Targets

    • Target

      https://github.com/NordVPN-Crack-key

    Score
    10/10
    latrodectuslummadiscoveryloaderspywarestealer

    • Latrodectus family

      latrodectus

    • Latrodectus loader

      Latrodectus is a loader written in C++.

      loaderlatrodectus

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

      stealerlumma

    • Lumma family

      lumma

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks