Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://infosec.exchange/users/adulau/statuses/113160519902369417">Alexandre Dulaunoy (adulau@infosec.exchange)'s status on Thursday, 19-Sep-2024 05:52:48 JST</a><a href="https://infosec.exchange/@adulau" title="adulau@infosec.exchange"><img src="https://gnusocial.jp/avatar/204538-48-20231027091710.webp" width="48" height="48" alt="Alexandre Dulaunoy" style="position: absolute; left: 0; top: 0;">Alexandre Dulaunoy</a></section><article><p>A funny phishing targeting GitHub users with an email notification about a security issue on a existing repository.</p><p>Then the captcha verification on a malicious website is trying to trick the user to run a shell command on Windows.</p><p>🔗 Powershell to be executed by the user <br><a href="https://gist.github.com/adulau/6cf6f3e9c5bbd9106af8814d0a22f473" rel="nofollow noreferrer">https://gist.github.com/adulau/6cf6f3e9c5bbd9106af8814d0a22f473</a></p><p>🔗 File downloaded <a href="https://pandora.circl.lu/analysis/21e8f693-361b-4a04-853c-276f9dd841e4/seed-1XqUr4mADaFYlLAyrBH8oQUBgOoEbceZ586b8h05YyA" rel="nofollow noreferrer">https://pandora.circl.lu/analysis/21e8f693-361b-4a04-853c-276f9dd841e4/seed-1XqUr4mADaFYlLAyrBH8oQUBgOoEbceZ586b8h05YyA</a> - Lumma Stealer  </p><p>🔗 Malicious domain analysis. <a href="https://lookyloo.circl.lu/tree/91106035-dfec-4acc-af06-c9fc36c62774" rel="nofollow noreferrer">https://lookyloo.circl.lu/tree/91106035-dfec-4acc-af06-c9fc36c62774</a></p><p><a href="https://infosec.exchange/tags/malware" rel="tag">#malware</a> <a href="https://infosec.exchange/tags/malwareanalysis" rel="tag">#malwareanalysis</a> <a href="https://infosec.exchange/tags/infosec" rel="tag">#infosec</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/3690949#notice-7230305">In conversation</a><time datetime="2024-09-19T05:52:48+09:00" title="Thursday, 19-Sep-2024 05:52:48 JST">about 2 months ago</time> <span>from <span><a href="https://infosec.exchange/@adulau/113160519902369417" rel="external" title="Sent from infosec.exchange via ActivityPub">infosec.exchange</a></span></span><a href="https://infosec.exchange/@adulau/113160519902369417">permalink</a><h4>Attachments</h4><ol><li><label><a rel="external" href="https://gnusocial.jp/attachment/3189588">Second step of this phishing execution. Trying to lure the user to execute a powershell.https://gist.github.com/adulau/6cf6f3e9c5bbd9106af8814d0a22f473</a></label><br><a href="https://media.infosec.exchange/infosec.exchange/media_attachments/files/113/160/470/862/757/558/original/529545749cc9d6ca.png" rel="external">https://media.infosec.exchange/infosec.exchange/media_attachments/files/113/160/470/862/757/558/original/529545749cc9d6ca.png</a></li><li><article><header><div>Domain not in remote thumbnail source whitelist: github.githubassets.com</div><h5><a href="https://gist.github.com/adulau/6cf6f3e9c5bbd9106af8814d0a22f473">Malicious captcha for Windows user</a></h5><div> from <span>adulau</span></div></header><div>Malicious captcha for Windows user</div><footer></footer></article></li><li><article><header><div>No result found on File_thumbnail lookup.</div><h5><a href="https://pandora.circl.lu/analysis/21e8f693-361b-4a04-853c-276f9dd841e4/seed-1XqUr4mADaFYlLAyrBH8oQUBgOoEbceZ586b8h05YyA">Pandora - Analysis of l6E.exe</a></h5><div></div></header><div></div><footer></footer></article></li><li><article><header><div>Domain not in remote thumbnail source whitelist: lookyloo.circl.lu</div><h5><a href="https://lookyloo.circl.lu/tree/91106035-dfec-4acc-af06-c9fc36c62774#malware">Lookyloo capture</a></h5><div></div></header><div>URL captured: https://github-scanner.com</div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Alexandre Dulaunoy (adulau@infosec.exchange)'s status on Thursday, 19-Sep-2024 05:52:48 JST Alexandre Dulaunoy
A funny phishing targeting GitHub users with an email notification about a security issue on a existing repository.
Then the captcha verification on a malicious website is trying to trick the user to run a shell command on Windows.
🔗 Powershell to be executed by the user
https://gist.github.com/adulau/6cf6f3e9c5bbd9106af8814d0a22f473
🔗 File downloaded https://pandora.circl.lu/analysis/21e8f693-361b-4a04-853c-276f9dd841e4/seed-1XqUr4mADaFYlLAyrBH8oQUBgOoEbceZ586b8h05YyA - Lumma Stealer
🔗 Malicious domain analysis. https://lookyloo.circl.lu/tree/91106035-dfec-4acc-af06-c9fc36c62774
#malware #malwareanalysis #infosec
In conversationabout 2 months ago from infosec.exchangepermalink
Attachments
1. Second step of this phishing execution. Trying to lure the user to execute a powershell. https://gist.github.com/adulau/6cf6f3e9c5bbd9106af8814d0a22f473
  https://media.infosec.exchange/infosec.exchange/media_attachments/files/113/160/470/862/757/558/original/529545749cc9d6ca.png
2. Domain not in remote thumbnail source whitelist: github.githubassets.com
  Malicious captcha for Windows user
  from adulau
  Malicious captcha for Windows user
3. No result found on File_thumbnail lookup.
  Pandora - Analysis of l6E.exe
4. Domain not in remote thumbnail source whitelist: lookyloo.circl.lu
  Lookyloo capture
  URL captured: https://github-scanner.com

Public

Embed Notice

HTML Code

Corresponding Notice