General

  • Target

    https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbURLdi1vTEtCRGJVSlhDTDJqMGtDR1JvZHFJZ3xBQ3Jtc0ttb3ZLWE16c1ZxZTRHdk5aNUZUZzYydVo3bHF2STRaU2U1VV9xdEdRRlFHVF8wWTdPU0tWMm0xb1VuWWgxVm5Bc25MbzItSFAxUEFnaXhVZkVkYnR1bDUxdHZ0LVBRX1B5ZWNCWTNEZ1g2YmY3bUJJYw&q=https%3A%2F%2Fgithub.com%2FEndermanch%2FMalwareDatabase%2Fraw%2Fmaster%2FNoEscape.zip&v=4oATWyMMH4A

  • Sample

    230331-15twaafc2z

Malware Config

Targets

    • Target

      https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbURLdi1vTEtCRGJVSlhDTDJqMGtDR1JvZHFJZ3xBQ3Jtc0ttb3ZLWE16c1ZxZTRHdk5aNUZUZzYydVo3bHF2STRaU2U1VV9xdEdRRlFHVF8wWTdPU0tWMm0xb1VuWWgxVm5Bc25MbzItSFAxUEFnaXhVZkVkYnR1bDUxdHZ0LVBRX1B5ZWNCWTNEZ1g2YmY3bUJJYw&q=https%3A%2F%2Fgithub.com%2FEndermanch%2FMalwareDatabase%2Fraw%2Fmaster%2FNoEscape.zip&v=4oATWyMMH4A

    • Modifies WinLogon for persistence

    • UAC bypass

    • Disables RegEdit via registry modification

    • Executes dropped EXE

    • Checks whether UAC is enabled

    • Drops desktop.ini file(s)

    • Legitimate hosting services abused for malware hosting/C2

    • Modifies WinLogon

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v6

Tasks