General
-
Target
https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbFlVcFUyTjJtSC16cEx3aHp4T0ExN2JJYk0tZ3xBQ3Jtc0trUktQcTgtaEVJZ1pkWHhkalVLRE9ZOUM0OFVUQllhT1BYRUVNMWFiUDFjSEZnVEZHRFo5U1VYNFRibVpPaXJrM0JtNFRmVUFvUC1FdG1RU3YxOW1Fb09mTnR0dFl0WUUwTmlneXo5bFlZaE1YZWlhdw&q=https%3A%2F%2Fethelium.club%2F&v=xeSk5-W1W6Q
-
Sample
250410-zmxc1ssj15
Malware Config
Extracted
lumma
https://modproz.run/opqz
https://2jsoursopsf.run/gsoiao
https://changeaie.top/geps
https://easyupgw.live/eosz
https://liftally.top/xasj
https://upmodini.digital/gokk
https://salaccgfa.top/gsooz
https://zestmodp.top/zeda
https://xcelmodo.run/nahd
Targets
-
-
Target
https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbFlVcFUyTjJtSC16cEx3aHp4T0ExN2JJYk0tZ3xBQ3Jtc0trUktQcTgtaEVJZ1pkWHhkalVLRE9ZOUM0OFVUQllhT1BYRUVNMWFiUDFjSEZnVEZHRFo5U1VYNFRibVpPaXJrM0JtNFRmVUFvUC1FdG1RU3YxOW1Fb09mTnR0dFl0WUUwTmlneXo5bFlZaE1YZWlhdw&q=https%3A%2F%2Fethelium.club%2F&v=xeSk5-W1W6Q
Score10/10-
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
-
Lumma family
-
Executes dropped EXE
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-
MITRE ATT&CK Enterprise v16
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
3Credentials In Files
3