General
Target
https://www.youtube.com/redirect?event=comments&redir_token=QUFFLUhqbG1WU0pOLV95Y3pUcF9tUEpsMk5tVElvcmd4d3xBQ3Jtc0tueG5BOXhjT0V0R2UtNHZYTVJ0dVduR1FrTGVya1NhV0xRX3VBWkFWMndYUjVzSV85T3h6UGhoMG41MEFXcXN0aXVORXVyNG9OQy02ZkF6VjR0R0ZXa1JJLU9nc3psZWo0VE40SXhJVzhKbl9IZEUtRQ&q=https%3A%2F%2Fbit.ly%2Flol-script
Sample
240421-gjthvacg47
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://www.youtube.com/redirect?event=comments&redir_token=QUFFLUhqbG1WU0pOLV95Y3pUcF9tUEpsMk5tVElvcmd4d3xBQ3Jtc0tueG5BOXhjT0V0R2UtNHZYTVJ0dVduR1FrTGVya1NhV0xRX3VBWkFWMndYUjVzSV85T3h6UGhoMG41MEFXcXN0aXVORXVyNG9OQy02ZkF6VjR0R0ZXa1JJLU9nc3psZWo0VE40SXhJVzhKbl9IZEUtRQ&q=https%3A%2F%2Fbit.ly%2Flol-script
Resource
win10v2004-20240226-en
Malware Config
Targets
Target
https://www.youtube.com/redirect?event=comments&redir_token=QUFFLUhqbG1WU0pOLV95Y3pUcF9tUEpsMk5tVElvcmd4d3xBQ3Jtc0tueG5BOXhjT0V0R2UtNHZYTVJ0dVduR1FrTGVya1NhV0xRX3VBWkFWMndYUjVzSV85T3h6UGhoMG41MEFXcXN0aXVORXVyNG9OQy02ZkF6VjR0R0ZXa1JJLU9nc3psZWo0VE40SXhJVzhKbl9IZEUtRQ&q=https%3A%2F%2Fbit.ly%2Flol-script
Score 10/10
Detect ZGRat V1
Blocklisted process makes network request
Creates new service(s)
Downloads MZ/PE file
Stops running service(s)
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Executes dropped EXE