LummaC2 Malware Abusing the Game Platform 'Steam'
July 26, 2024, 9 a.m.
Description
The report investigates LummaC2, an infostealer malware actively distributed under the guise of illegal software. It highlights LummaC2's tactics of utilizing encrypted strings and abusing legitimate websites like Steam to acquire command-and-control (C2) domains. The malware steals sensitive user data and sends it to the C2 servers. The analysis delves into LummaC2's evolution, distribution methods, encryption routines, and the types of information it targets for theft.
Date
Published: July 26, 2024, 8:25 a.m.
Created: July 26, 2024, 8:25 a.m.
Modified: July 26, 2024, 9 a.m.
Indicators
Attack Patterns
LummaC2
Vidar
T1553.004
T1555.001
T1059.006
T1059.005
T1555.003
T1059.003
T1059.001
T1213
T1059.007
T1059.004
T1555
T1059.002
T1590
T1496
T1083
T1205
T1204
T1553
T1059