General
-
Target
https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbVdQQmZjV3g2c19zcU5JVHlaVkx4X3JxeTM0QXxBQ3Jtc0ttMXAxaFFIUm9mQ2hQX2tXeEJRR2RrY2VacnE1RFgyRU5XcTl4T2FwazFVd0tsbTB2bkxTbjR3aEJGNThhSlhkTlhGS2dpM0g5MFBHa1NubkExUG5udkdOLUg2TGVyWWVsOHpaeG1xQlVqdEl5VEVXTQ&q=https%3A%2F%2Fgodsexploits.com%2F&v=LdeGkLhBnxI
-
Sample
240225-p8w92acb45
Malware Config
Targets
-
-
Target
https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbVdQQmZjV3g2c19zcU5JVHlaVkx4X3JxeTM0QXxBQ3Jtc0ttMXAxaFFIUm9mQ2hQX2tXeEJRR2RrY2VacnE1RFgyRU5XcTl4T2FwazFVd0tsbTB2bkxTbjR3aEJGNThhSlhkTlhGS2dpM0g5MFBHa1NubkExUG5udkdOLUg2TGVyWWVsOHpaeG1xQlVqdEl5VEVXTQ&q=https%3A%2F%2Fgodsexploits.com%2F&v=LdeGkLhBnxI
Score9/10-
CryptOne packer
Detects CryptOne packer defined in NCC blogpost.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-