General
-
Target
https://sites.google.com/view/drcheats5
-
Sample
250316-nzsptatms5
Score
10/10
Malware Config
Extracted
Family
lumma
C2
https://hingehjan.shop/api
https://featureccus.shop/api
https://mrodularmall.top/api
https://jowinjoinery.icu/api
https://wlegenassedk.top/api
https://htardwarehu.icu/api
https://cjlaspcorne.icu/api
https://.bugildbett.top/api
https://latchclan.shop/api
Extracted
Family
latrodectus
Version
1.4
C2
https://remustarofilac.com/test/
https://horetimodual.com/test/
Attributes
-
group
Ferrary
-
user_agent
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
aes.hex
Targets
-
-
Target
https://sites.google.com/view/drcheats5
Score10/10-
Latrodectus family
-
Latrodectus loader
Latrodectus is a loader written in C++.
-
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
-
Lumma family
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-