General

  • Target

    https://www.youtube.com/watch?v=cBjXZJrSNbE

  • Sample

    250518-skstgstqt3

Malware Config

Extracted

Family

lumma

C2

https://shoresolfe.live/ysbt

https://narrathfpt.top/tekq

https://jackthyfuc.run/xpas

https://onehunqpom.life/zpxd

https://laminaflbx.shop/twoq

https://overcovtcg.top/juhd

https://blackswmxc.top/bgry

https://iwposseswsnc.top/akds

https://featurlyin.top/pdal

Targets

    • Target

      https://www.youtube.com/watch?v=cBjXZJrSNbE

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Lumma family

    • Modifies WinLogon for persistence

    • Disables RegEdit via registry modification

    • Downloads MZ/PE file

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Sets desktop wallpaper using registry

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v16

Tasks