General
Target: https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbnFybmk3WkNiS2o1YkdxVEFKN09uT2g0b0xGZ3xBQ3Jtc0tubDNKWklqMTM4QWg4LVJXV0x6RUtSVUVtRlBVdjNiZkRhbnR2anJYMFRyNGtWTTh1Z0F3Q1kzSjVzV3VRdzdmUWxTOVdDT3ZZcWFwN0sxX2pSY0FtUEJvb3FBNHlvQ2s4MVJ2Ty12em1nNmM0R1VUTQ&q=https%3A%2F%2Fdrive.google.com%2Fopen%3Fid%3D1g-Oci3nv9VpJEWQWMA-jjsFnvIrdeIJ9
Sample: 210302-z95dyqdwr2

Static task: static1

URLScan task: urlscan1
Sample: https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbnFybmk3WkNiS2o1YkdxVEFKN09uT2g0b0xGZ3xBQ3Jtc0tubDNKWklqMTM4QWg4LVJXV0x6RUtSVUVtRlBVdjNiZkRhbnR2anJYMFRyNGtWTTh1Z0F3Q1kzSjVzV3VRdzdmUWxTOVdDT3ZZcWFwN0sxX2pSY0FtUEJvb3FBNHlvQ2s4MVJ2Ty12em1nNmM0R1VUTQ&q=https%3A%2F%2Fdrive.google.com%2Fopen%3Fid%3D1g-Oci3nv9VpJEWQWMA-jjsFnvIrdeIJ9

Behavioral task: behavioral1
Sample: https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbnFybmk3WkNiS2o1YkdxVEFKN09uT2g0b0xGZ3xBQ3Jtc0tubDNKWklqMTM4QWg4LVJXV0x6RUtSVUVtRlBVdjNiZkRhbnR2anJYMFRyNGtWTTh1Z0F3Q1kzSjVzV3VRdzdmUWxTOVdDT3ZZcWFwN0sxX2pSY0FtUEJvb3FBNHlvQ2s4MVJ2Ty12em1nNmM0R1VUTQ&q=https%3A%2F%2Fdrive.google.com%2Fopen%3Fid%3D1g-Oci3nv9VpJEWQWMA-jjsFnvIrdeIJ9
Resource: win10v20201028
Malware Config
Targets
Target: https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbnFybmk3WkNiS2o1YkdxVEFKN09uT2g0b0xGZ3xBQ3Jtc0tubDNKWklqMTM4QWg4LVJXV0x6RUtSVUVtRlBVdjNiZkRhbnR2anJYMFRyNGtWTTh1Z0F3Q1kzSjVzV3VRdzdmUWxTOVdDT3ZZcWFwN0sxX2pSY0FtUEJvb3FBNHlvQ2s4MVJ2Ty12em1nNmM0R1VUTQ&q=https%3A%2F%2Fdrive.google.com%2Fopen%3Fid%3D1g-Oci3nv9VpJEWQWMA-jjsFnvIrdeIJ9
Score: 8/10

Modifies WinLogon to allow AutoLogon
Configures Windows to log a user in automatically at boot (the AutoAdminLogon, DefaultUserName and DefaultPassword values under the Winlogon registry key), so the machine can be rebooted without requiring login credentials and any persistence runs unattended.
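The signature above is a registry change, so the natural host-side check is a scan of registry SetValue telemetry for writes under the Winlogon key. The following Python is an added example, not code from the sandbox or from the sample; the `image|target_object|details` records are constructed in the style of Sysmon Event ID 13 and are not events from this analysis run, and the value names it looks for are the standard Winlogon autologon values.

```python
"""Flag Winlogon AutoAdminLogon configuration in Sysmon-style registry
SetValue events (Event ID 13). Sample events are constructed, not taken
from the sandbox run on this page."""
from dataclasses import dataclass, field
from typing import Dict, List

WINLOGON_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
# Winlogon values an autologon change touches; compared case-insensitively
# because registry names are case-insensitive.
AUTOLOGON_VALUES = {"autoadminlogon", "defaultusername", "defaultpassword",
                    "defaultdomainname", "forceautologon"}

# Constructed records: "image|target_object|details" (Sysmon EID 13 fields).
SAMPLE_EVENTS = [
    r"C:\Windows\System32\svchost.exe|HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell|explorer.exe",
    r"C:\Users\victim\AppData\Local\Temp\setup.exe|HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoAdminLogon|1",
    r"C:\Users\victim\AppData\Local\Temp\setup.exe|HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultUserName|victim",
    r"C:\Users\victim\AppData\Local\Temp\setup.exe|HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultPassword|Summer2021!",
    # Same value name under an unrelated key: must not fire.
    r"C:\Windows\regedit.exe|HKCU\Software\Contoso\AutoAdminLogon|1",
]


@dataclass
class RegistryEvent:
    image: str          # process that performed the write
    target_object: str  # full path of the value written
    details: str        # data written

    @property
    def key(self) -> str:
        return self.target_object.rsplit("\\", 1)[0]

    @property
    def value_name(self) -> str:
        parts = self.target_object.rsplit("\\", 1)
        return parts[1] if len(parts) == 2 else ""


def parse_event(line: str) -> RegistryEvent:
    """Parse one constructed 'image|target_object|details' record."""
    image, target, details = line.split("|", 2)
    return RegistryEvent(image.strip(), target.strip(), details.strip())


@dataclass
class Finding:
    image: str
    values: Dict[str, str] = field(default_factory=dict)  # lower-cased name -> data

    @property
    def autologon_enabled(self) -> bool:
        return self.values.get("autoadminlogon", "0").strip() == "1"

    @property
    def plaintext_password(self) -> bool:
        # DefaultPassword in the registry is stored in clear text.
        return "defaultpassword" in self.values


def autologon_findings(lines: List[str]) -> List[Finding]:
    """Group Winlogon autologon writes per writing process and return only the
    processes that enabled AutoAdminLogon or planted a DefaultPassword."""
    per_image: Dict[str, Finding] = {}
    for line in lines:
        ev = parse_event(line)
        if ev.key.lower() != WINLOGON_KEY.lower():
            continue
        name = ev.value_name.lower()
        if name not in AUTOLOGON_VALUES:
            continue
        per_image.setdefault(ev.image, Finding(ev.image)).values[name] = ev.details
    return [f for f in per_image.values()
            if f.autologon_enabled or f.plaintext_password]


if __name__ == "__main__":
    for f in autologon_findings(SAMPLE_EVENTS):
        print(f"{f.image}: AutoAdminLogon={f.autologon_enabled} "
              f"plaintext_password={f.plaintext_password} values={f.values}")
```

Grouping by writing process matters: a legitimate kiosk build may set AutoAdminLogon from an installer, while a user-profile Temp binary doing so, as in the constructed sample, is what an analyst wants surfaced. The rule deliberately ignores the same value names under other keys.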

Legitimate hosting services abused for malware hosting/C2
The YouTube redirect's q parameter carries the real destination, a file on drive.google.com; the payload is served from a legitimate hosting service rather than attacker infrastructure, which is why domain reputation alone will not flag it.
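Triaging this kind of link means unwrapping the redirect and looking at where it actually points, not at youtube.com. The Python below is an added example, not code from the sandbox; it uses the redirect URL from this report as its input, while the list of frequently abused hosting services and the other test inputs are constructed for illustration. The Drive `uc?export=download` form it derives is for fetching the file from an isolated analysis host.

```python
"""Unwrap a youtube.com/redirect link and classify its real destination.
REPORT_URL is the sample from this report; ABUSED_HOSTING is a constructed
starting list, not a vendor feed."""
import re
from typing import Optional
from urllib.parse import parse_qs, urlsplit

REPORT_URL = ("https://www.youtube.com/redirect?event=video_description&redir_token="
              "QUFFLUhqbnFybmk3WkNiS2o1YkdxVEFKN09uT2g0b0xGZ3xBQ3Jtc0tubDNKWklqMTM4QWg4"
              "LVJXV0x6RUtSVUVtRlBVdjNiZkRhbnR2anJYMFRyNGtWTTh1Z0F3Q1kzSjVzV3VRdzdmUWxT"
              "OVdDT3ZZcWFwN0sxX2pSY0FtUEJvb3FBNHlvQ2s4MVJ2Ty12em1nNmM0R1VUTQ"
              "&q=https%3A%2F%2Fdrive.google.com%2Fopen%3Fid%3D1g-Oci3nv9VpJEWQWMA-jjsFnvIrdeIJ9")

# Legitimate services routinely abused for payload hosting (constructed list).
ABUSED_HOSTING = {
    "drive.google.com", "docs.google.com", "www.dropbox.com", "dl.dropboxusercontent.com",
    "onedrive.live.com", "1drv.ms", "cdn.discordapp.com", "github.com",
    "raw.githubusercontent.com", "mega.nz", "www.mediafire.com",
}
YOUTUBE_HOSTS = {"www.youtube.com", "youtube.com", "m.youtube.com"}


def unwrap_youtube_redirect(url: str) -> Optional[str]:
    """Return the destination in the q parameter of a youtube.com/redirect
    URL (percent-decoded by parse_qs), or None if url is not that wrapper."""
    parts = urlsplit(url)
    if parts.netloc.lower() not in YOUTUBE_HOSTS or parts.path != "/redirect":
        return None
    q = parse_qs(parts.query).get("q")
    return q[0] if q else None


def drive_file_id(url: str) -> Optional[str]:
    """Extract a Google Drive file id from open?id=, uc?id= or /file/d/<id>/ forms."""
    parts = urlsplit(url)
    if parts.netloc.lower() != "drive.google.com":
        return None
    qs = parse_qs(parts.query)
    if "id" in qs:
        return qs["id"][0]
    m = re.match(r"^/file/d/([A-Za-z0-9_-]+)", parts.path)
    return m.group(1) if m else None


def classify(url: str) -> dict:
    """Unwrap any YouTube redirect, then say whether the final host is a
    legitimate hosting service and, for Drive, which file id it serves."""
    dest = unwrap_youtube_redirect(url) or url
    host = urlsplit(dest).netloc.lower()
    fid = drive_file_id(dest)
    return {
        "wrapped_in_redirect": dest != url,
        "destination": dest,
        "host": host,
        "abused_hosting_service": host in ABUSED_HOSTING,
        "drive_file_id": fid,
        "drive_direct_download": (
            f"https://drive.google.com/uc?export=download&id={fid}" if fid else None),
    }


if __name__ == "__main__":
    for k, v in classify(REPORT_URL).items():
        print(f"{k}: {v}")
```

The redir_token is opaque and tied to the originating video description; it is left alone here because only the q parameter carries the destination. Blocking on the wrapper host is useless (it is youtube.com), so the useful indicators are the destination host plus the Drive file id, which can be pivoted on across other samples.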