Fake Browser Updates Distribute LummaC Stealer, Amadey and…
Common Information
| Type | Value |
| --- | --- |
| UUID | 20e95f16-1461-4c36-8bb0-268141fe15e5 |
| Fingerprint | 54408d1afb5078e |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Oct. 20, 2023, midnight |
| Added to db | Oct. 24, 2023, 1:13 p.m. |
| Last updated | Nov. 17, 2024, 10:40 p.m. |
| Headline | Fake Browser Updates Distribute LummaC Stealer, Amadey and PrivateLoader Malware |
| Title | Fake Browser Updates Distribute LummaC Stealer, Amadey and… |
| Detected Hints/Tags/Attributes | 94/4/45 |
Attributes