General

  • Target

    https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbjZhdU54NW9YWVdfcGFqZ25LcHZqOWVIQXRKd3xBQ3Jtc0tuQll1X04wclJYOTdNTVExQ2QyRnRuYlYwaXFfSE1PUjRBY2VsN2xHWHl4X0JfdXdxb3VwNlVXekUwam9UeERHN044d2hJeWJnbndKZnNwZWVZQUwxWU1wR3FRWHlpcmU2M3dHTVBHZTA5Vy1xc18tMA&q=https%3A%2F%2Fgithub.com%2FEndermanch%2FMalwareDatabase%2Fraw%2Fmaster%2FNoEscape.zip&v=4oATWyMMH4A

  • Sample

    230331-v8anxsdd8x

Malware Config

Targets

    • Target

      https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbjZhdU54NW9YWVdfcGFqZ25LcHZqOWVIQXRKd3xBQ3Jtc0tuQll1X04wclJYOTdNTVExQ2QyRnRuYlYwaXFfSE1PUjRBY2VsN2xHWHl4X0JfdXdxb3VwNlVXekUwam9UeERHN044d2hJeWJnbndKZnNwZWVZQUwxWU1wR3FRWHlpcmU2M3dHTVBHZTA5Vy1xc18tMA&q=https%3A%2F%2Fgithub.com%2FEndermanch%2FMalwareDatabase%2Fraw%2Fmaster%2FNoEscape.zip&v=4oATWyMMH4A

    • Modifies WinLogon for persistence

    • UAC bypass

    • Disables RegEdit via registry modification

    • Drops desktop.ini file(s)

    • Legitimate hosting services abused for malware hosting/C2

    • Sets desktop wallpaper using registry
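
    Four of the signatures above (Winlogon modification, RegEdit disabled, wallpaper set, UAC bypass) are registry writes, so they can be confirmed from Sysmon Event ID 13 (RegistryEvent: Value Set) telemetry rather than from the sandbox alone. The Python below is an added example for this page, not code from the sandbox vendor or from the sample's authors: it maps each of those four signature names to the registry paths most commonly behind them and runs the rules over a handful of constructed log records. The report does not show which keys this sample actually touched, so the paths, the SID, the image name and the specific UAC technique (ms-settings / mscfile handler hijack) are assumptions used only to exercise the detection logic.

```python
import re
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

# Constructed Sysmon Event ID 13 records (NOT taken from the report above).
# Sysmon writes user hives as HKU\<SID>\...; the SID and paths are invented.
USER_HIVE = r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
MALWARE = r"C:\Users\victim\Downloads\NoEscape.exe"   # assumed image name
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": MALWARE,
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell",
     "Details": r"explorer.exe, C:\Users\victim\AppData\Roaming\NoEscape.exe"},
    {"EventID": 13, "Image": MALWARE,
     "TargetObject": USER_HIVE + r"\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": MALWARE,
     "TargetObject": USER_HIVE + r"\Control Panel\Desktop\Wallpaper",
     "Details": r"C:\Users\victim\AppData\Roaming\wall.bmp"},
    {"EventID": 13, "Image": MALWARE,
     "TargetObject": USER_HIVE + r"\SOFTWARE\Classes\ms-settings\Shell\Open\command\DelegateExecute",
     "Details": ""},
    # Benign noise: the OS itself rewriting the wallpaper value must not fire.
    {"EventID": 13, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": USER_HIVE + r"\Control Panel\Desktop\Wallpaper",
     "Details": r"C:\Windows\Web\Wallpaper\Windows\img0.jpg"},
    # Event ID 12 is key create/delete, not a value set; ignored by the rules.
    {"EventID": 12, "Image": MALWARE,
     "TargetObject": USER_HIVE + r"\Control Panel\Desktop", "Details": ""},
]


@dataclass(frozen=True)
class Rule:
    name: str                                         # signature, in the report's wording
    path: "re.Pattern[str]"                           # matched against TargetObject
    details: Optional[Callable[[str], bool]] = None   # extra check on the written value
    ignore_windows_binaries: bool = False             # drop writes made by C:\Windows\* images


def dword_is(expected: int) -> Callable[[str], bool]:
    # Sysmon renders DWORD values as "DWORD (0x00000001)"; compare numerically.
    def pred(details: str) -> bool:
        m = re.fullmatch(r"DWORD \(0x([0-9A-Fa-f]{8})\)", details.strip())
        return m is not None and int(m.group(1), 16) == expected
    return pred


def not_default_winlogon(details: str) -> bool:
    # Stock values: Shell = "explorer.exe", Userinit = "C:\Windows\system32\userinit.exe,"
    defaults = {"explorer.exe", r"c:\windows\system32\userinit.exe,"}
    return details.strip().lower() not in defaults


RULES = [
    Rule("Modifies WinLogon for persistence",
         re.compile(r"\\Windows NT\\CurrentVersion\\Winlogon\\(Shell|Userinit)$", re.I),
         not_default_winlogon),
    Rule("Disables RegEdit via registry modification",
         re.compile(r"\\Policies\\System\\DisableRegistryTools$", re.I),
         dword_is(1)),
    Rule("Sets desktop wallpaper using registry",
         re.compile(r"\\Control Panel\\Desktop\\Wallpaper$", re.I),
         ignore_windows_binaries=True),
    # Assumed technique: ms-settings (fodhelper-style) or mscfile (eventvwr-style)
    # handler hijack. The page only says "UAC bypass", not which variant.
    Rule("UAC bypass",
         re.compile(r"\\Software\\Classes\\(ms-settings|mscfile)\\Shell\\Open\\command(\\DelegateExecute)?$", re.I)),
]


def evaluate(events, rules=RULES) -> List[Tuple[str, dict]]:
    """Return (signature name, event) for every Value Set event that matches a rule."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 13:
            continue
        for rule in rules:
            if not rule.path.search(ev["TargetObject"]):
                continue
            if rule.details is not None and not rule.details(ev["Details"]):
                continue
            if rule.ignore_windows_binaries and ev["Image"].lower().startswith("c:\\windows\\"):
                continue
            hits.append((rule.name, ev))
    return hits


def fired_signatures(events, rules=RULES) -> List[str]:
    """Distinct signature names, sorted, in the form the report lists them."""
    return sorted({name for name, _ in evaluate(events, rules)})


if __name__ == "__main__":
    for name, ev in evaluate(SAMPLE_EVENTS):
        print(f"[{name}] {ev['Image']} -> {ev['TargetObject']} = {ev['Details']!r}")
```

    Feed it real Event ID 13 records (TargetObject, Details, Image fields) exported from the endpoint and the same four report labels fall out; the wallpaper rule is deliberately scoped to non-Windows images because that key is rewritten by the OS constantly, while the Winlogon rule fires only when the value departs from its stock content. The two remaining signatures (desktop.ini drops, GitHub raw used for hosting) are file- and network-side and would need Event ID 11 / proxy logs instead.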

MITRE ATT&CK Enterprise v6

Tasks