General
Target
https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbHdod19KM19RdlhSS3U0RnJZMGNCU18xMWc5d3xBQ3Jtc0tueWlORk9tU1VjSjQ3NExzTnpoSlNyTVN6enB2dkxQYVlGNkpNc1F3NVN0ajJnQ0o3cFJ0WjItVXJ0Zk1XWXR5YmVaSkpURUhXWGxrRG9CNjR2RThNX1d4MTJzNExtU013andnb2NJT05vWndrajdFOA&q=https%3A%2F%2Ftelegra.ph%2Ffv20-03-15&v=TVWVz7W7UjE
Sample
230327-m8kvwsdb87
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbHdod19KM19RdlhSS3U0RnJZMGNCU18xMWc5d3xBQ3Jtc0tueWlORk9tU1VjSjQ3NExzTnpoSlNyTVN6enB2dkxQYVlGNkpNc1F3NVN0ajJnQ0o3cFJ0WjItVXJ0Zk1XWXR5YmVaSkpURUhXWGxrRG9CNjR2RThNX1d4MTJzNExtU013andnb2NJT05vWndrajdFOA&q=https%3A%2F%2Ftelegra.ph%2Ffv20-03-15&v=TVWVz7W7UjE
Resource
win10v2004-20230220-en
Malware Config
Extracted
raccoon
f26f614d4c0bc2bcd6601785661fb5cf
http://45.9.74.170
http://77.73.134.43
Targets
Target
https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbHdod19KM19RdlhSS3U0RnJZMGNCU18xMWc5d3xBQ3Jtc0tueWlORk9tU1VjSjQ3NExzTnpoSlNyTVN6enB2dkxQYVlGNkpNc1F3NVN0ajJnQ0o3cFJ0WjItVXJ0Zk1XWXR5YmVaSkpURUhXWGxrRG9CNjR2RThNX1d4MTJzNExtU013andnb2NJT05vWndrajdFOA&q=https%3A%2F%2Ftelegra.ph%2Ffv20-03-15&v=TVWVz7W7UjE
Executes dropped EXE
Adds Run key to start application
Suspicious use of NtSetInformationThreadHideFromDebugger