General
Target
https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbWJiS3dWVnJ2aHNPNm9hQ3I0YkhVY1RBX2Nhd3xBQ3Jtc0tsT3ZzWFQ2TXdMX3g1a18xM0RuTkxoeUpkUnh3OXRIWG9UX2lQLUVWNU1rQldpUkt4N2dhWkc1cy1HNmd0MWt0clBTMHFmRWNZU3k3ZzM4N2J4X3RzQzBQM2R5Wkl1V05lZEF4NmFUdEVHNF84eU1kWQ&q=https%3A%2F%2Fsites.google.com%2Fview%2Fdrcheats6&v=BwRtsTa5LkQ
Sample
250316-drdktatl15
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbWJiS3dWVnJ2aHNPNm9hQ3I0YkhVY1RBX2Nhd3xBQ3Jtc0tsT3ZzWFQ2TXdMX3g1a18xM0RuTkxoeUpkUnh3OXRIWG9UX2lQLUVWNU1rQldpUkt4N2dhWkc1cy1HNmd0MWt0clBTMHFmRWNZU3k3ZzM4N2J4X3RzQzBQM2R5Wkl1V05lZEF4NmFUdEVHNF84eU1kWQ&q=https%3A%2F%2Fsites.google.com%2Fview%2Fdrcheats6&v=BwRtsTa5LkQ
Resource
win10ltsc2021-20250314-en
Malware Config
Extracted
latrodectus
1.4
https://remustarofilac.com/test/
https://horetimodual.com/test/
group
Ferrary
user_agent
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
Extracted
lumma
Targets
Target
https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbWJiS3dWVnJ2aHNPNm9hQ3I0YkhVY1RBX2Nhd3xBQ3Jtc0tsT3ZzWFQ2TXdMX3g1a18xM0RuTkxoeUpkUnh3OXRIWG9UX2lQLUVWNU1rQldpUkt4N2dhWkc1cy1HNmd0MWt0clBTMHFmRWNZU3k3ZzM4N2J4X3RzQzBQM2R5Wkl1V05lZEF4NmFUdEVHNF84eU1kWQ&q=https%3A%2F%2Fsites.google.com%2Fview%2Fdrcheats6&v=BwRtsTa5LkQ
- Latrodectus family
- Lumma family
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext