General

  • Target

    http://youtube.com

  • Sample

    240228-cgrt1sgg74

Malware Config

Targets

    • Target

      http://youtube.com

    • Manipulates Digital Signatures

      Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.

    • Modifies Installed Components in the registry

    • Possible privilege escalation attempt

    • Modifies file permissions

    • Modifies system executable filetype association

    • Registers COM server for autorun

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks