Overview

overview

8

Static

static

URLScan

urlscan

https://www.youtube....

windows10_x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbnFybmk3WkNiS2o1YkdxVEFKN09uT2g0b0xGZ3xBQ3Jtc0tubDNKWklqMTM4QWg4LVJXV0x6RUtSVUVtRlBVdjNiZkRhbnR2anJYMFRyNGtWTTh1Z0F3Q1kzSjVzV3VRdzdmUWxTOVdDT3ZZcWFwN0sxX2pSY0FtUEJvb3FBNHlvQ2s4MVJ2Ty12em1nNmM0R1VUTQ&q=https%3A%2F%2Fdrive.google.com%2Fopen%3Fid%3D1g-Oci3nv9VpJEWQWMA-jjsFnvIrdeIJ9

  • Sample

    210302-z95dyqdwr2

Score
8/10
bootkitransomware

Malware Config

Targets

    • Target

      https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbnFybmk3WkNiS2o1YkdxVEFKN09uT2g0b0xGZ3xBQ3Jtc0tubDNKWklqMTM4QWg4LVJXV0x6RUtSVUVtRlBVdjNiZkRhbnR2anJYMFRyNGtWTTh1Z0F3Q1kzSjVzV3VRdzdmUWxTOVdDT3ZZcWFwN0sxX2pSY0FtUEJvb3FBNHlvQ2s4MVJ2Ty12em1nNmM0R1VUTQ&q=https%3A%2F%2Fdrive.google.com%2Fopen%3Fid%3D1g-Oci3nv9VpJEWQWMA-jjsFnvIrdeIJ9

    Score
    8/10
    bootkitransomware

    • Modifies WinLogon to allow AutoLogon

      Enables rebooting of the machine without requiring login credentials.

      ransomwarebootkit

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

1
T1004

Privilege Escalation

Defense Evasion

Modify Registry

3
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks