LummaC2 Malware Abusing the Game Platform 'Steam'

July 26, 2024, 9 a.m.

Description

The report investigates LummaC2, an infostealer actively distributed under the guise of illegal (cracked) software. It highlights LummaC2's use of encrypted strings and its abuse of legitimate websites such as Steam to obtain its command-and-control (C2) domains. The malware steals sensitive user data and sends it to the C2 servers. The analysis covers LummaC2's evolution, distribution methods, encryption routines, and the types of information it targets for theft.

Date

Published: July 26, 2024, 8:25 a.m.
Created: July 26, 2024, 8:25 a.m.
Modified: July 26, 2024, 9 a.m.

Indicators


Attack Patterns

Malware families: LummaC2, Vidar

MITRE ATT&CK techniques: T1059, T1059.001, T1059.002, T1059.003, T1059.004, T1059.005, T1059.006, T1059.007, T1083, T1204, T1205, T1213, T1496, T1553, T1553.004, T1555, T1555.001, T1555.003, T1590