Overview

overview

10

Static

static

1

URLScan

urlscan

https://www.youtube....

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbnBHUXUwQkpsSVB5dTBaRDMwcTJWbzVYWXZ6QXxBQ3Jtc0ttRzJwbGltcmZsenNMUk93Vm14X29OS2ZHcFRCLV9ZVTBrbHhZVlF1RnEwb3QzX1RNcEpEOXBQdEdBOWc3M1pjZDZnYWpDd0pmUk1BWTlZbjREQ2UxYm9UeDU0RjhOd2s1MEYtWWRfSUttUWxrRktGWQ&q=https%3A%2F%2Fpcworlds.us%2Ffortnite-mod-menu-for-pc%2F&v=8EsBxkYNyME

  • Sample

    230612-n6h4yscf3s

Score
10/10
lobshotredline@hendrolasbackdoorinfostealer

Malware Config

Extracted

Family

redline

Botnet

@hendrolas

C2

94.142.138.4:80

Attributes
  • auth_value

    71d16d25eddbb4fd3b98070432f1a757

Targets

    • Target

      https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbnBHUXUwQkpsSVB5dTBaRDMwcTJWbzVYWXZ6QXxBQ3Jtc0ttRzJwbGltcmZsenNMUk93Vm14X29OS2ZHcFRCLV9ZVTBrbHhZVlF1RnEwb3QzX1RNcEpEOXBQdEdBOWc3M1pjZDZnYWpDd0pmUk1BWTlZbjREQ2UxYm9UeDU0RjhOd2s1MEYtWWRfSUttUWxrRktGWQ&q=https%3A%2F%2Fpcworlds.us%2Ffortnite-mod-menu-for-pc%2F&v=8EsBxkYNyME

    Score
    10/10
    lobshotredline@hendrolasbackdoorinfostealer

    • Detects Lobshot family

    • Lobshot

      Lobshot is a backdoor module written in c++.

      backdoorlobshot

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks