General
Target
https://www.youtube.com/redirect?event=backstage_event&redir_token=QUFFLUhqa3d3c0t4eHJyN2s5c3FZUFZtS1lOWU5Ec2E3QXxBQ3Jtc0trbG43STRTSThHbjQ0ZWFRSFBmaWpuMUprVXF2UzN3anZGTTkwU2owVGJLYnBnaUkwUjNYd2Y3UFFXN2FWOUs0Yks2MTg4QUM3enRHMEI2OEFmSmVVNW9wMno1cnBLRFpnZ2ItejhqWFBUQjY0U2VBQQ&q=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Flmlxasekvi94ba7%2FCheat.zip%2Ffile
Sample
240701-nmrxrasdnr
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Resource
win10v2004-20240611-en
Malware Config
Extracted
lumma
Targets
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext