Overview

overview

10

Static

static

1

URLScan

urlscan

https://www.youtube....

windows11-21h2-x64

Resubmissions

28/02/2024, 14:30

240228-rvdxmsdh3y 10

Sharing

Copy URL Twitter E-mail

General

  • Target

    https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqblZtN0hNMmxkOTctMzU4aUF0aU1VUEJ3V0dPd3xBQ3Jtc0tsOWk4bExwTFB6Y2RwZFFva2JFVEluTlRZV1V6dUE2SFhES01JM2hJQ01Rb1N2YmxXT1FYdWh2bTk4cktFVW56dV83T21rUjIzeWhjdm9odmZxSk5CQTFvOFduZW85UWJmaTlvYTcyOXVIaXZpaWlpVQ&q=https%3A%2F%2Fgo.enderman.ch%2Fnoescape&v=4oATWyMMH4A

  • Sample

    240228-rvdxmsdh3y

Score
10/10
evasionpersistenceransomwaretrojan

Malware Config

Targets

    • Target

      https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqblZtN0hNMmxkOTctMzU4aUF0aU1VUEJ3V0dPd3xBQ3Jtc0tsOWk4bExwTFB6Y2RwZFFva2JFVEluTlRZV1V6dUE2SFhES01JM2hJQ01Rb1N2YmxXT1FYdWh2bTk4cktFVW56dV83T21rUjIzeWhjdm9odmZxSk5CQTFvOFduZW85UWJmaTlvYTcyOXVIaXZpaWlpVQ&q=https%3A%2F%2Fgo.enderman.ch%2Fnoescape&v=4oATWyMMH4A

    Score
    10/10
    evasionpersistenceransomwaretrojan

    • Modifies WinLogon for persistence

      persistence

    • UAC bypass

      evasiontrojan

    • Disables RegEdit via registry modification

      evasion

    • Drops desktop.ini file(s)

    • Legitimate hosting services abused for malware hosting/C2

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks