LummaC2 Malware and Malicious Chrome Extension Delivered via DLL…
Common Information
Type                             Value
UUID                             b00aac5d-51cb-4a30-8f77-482d1f5e3151
Fingerprint                      14229891bb1d4f2c
Analysis status                  DONE
Considered CTI value             2
Text language
Published                        Sept. 5, 2024, midnight
Added to db                      Sept. 16, 2024, 1:22 p.m.
Last updated                     Nov. 17, 2024, 7:44 p.m.
Headline                         LummaC2 Malware and Malicious Chrome Extension Delivered via DLL Side-Loading
Title                            LummaC2 Malware and Malicious Chrome Extension Delivered via DLL…
Detected Hints/Tags/Attributes   71/2/29
Attributes
Type                      #Events  CTI Value
CVE                            84  cve-2024-40766
CVE                            23  cve-2024-28986
Domain                          1  get-license2.com
Domain                          3  two-root.com
Domain                          1  payments.google
Domain                          1  consent.youtube.com
Domain                         58  accounts.google.com
Domain                          2  adsmanager.facebook.com
Domain                         12  chrome.storage
Domain                        360  attack.mitre.org
Domain                         29  www.trellix.com
Domain                       4127  github.com
File                            1  installer___.zip
File                            2  rnp.dll
File                            1  nijboq.rar
File                            1  rnpkeys.exe
File                            8  proxy.js
File                            1  side-loading.txt
Github username                 2  mandatoryprogrammer
Github username                 1  esthreatintelligence
md5                             1  1825d0310bf5029899f42004c4a1ef83
md5                             1  63efe86838e7196cedd93d7c10ac40e6
md5                             1  3b97f0f4f5a616d19d919c359ebd3086
MITRE ATT&CK Techniques       227  T1574.002
MITRE ATT&CK Techniques       164  T1574
Url                            13  https://attack.mitre.org/techniques/t1574/002
Url                             1  https://www.trellix.com/blogs/research/genesis-market-no-longer-feeds-the-evil-cookie-monster
Url                             1  https://github.com/mandatoryprogrammer/cursedchrome/tree/master
Url                             1  https://github.com/esthreatintelligence/iocs/blob/main/lummac2/lummac2