General
-
Target
https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa1d5dkltR1E1U1Q5WjBVdzJxbDdJbU0zSWtVUXxBQ3Jtc0ttTWFKNVBUR2xkODJELW13NGdrS2pIMkxKblR2SFdXc0RkZy1SSHFqek00NXc1T0Z5Y2hnQ0taSk5yTTQ4azB2blhBWjRfWmsxV0picGlKcVk5cUU0OUVPb0RlN3R2bE5TcXNPQkh0M2JFQVhPcGFDdw&q=https%3A%2F%2Fdrive.google.com%2Ffile%2Fd%2F1g71fuKJNNsYwTWwLJqaIAJR1TiocDQYF%2Fview%3Fusp%3Dsharing&v=yVIADtHyHUA
-
Sample
240522-hm2jasff2w
Malware Config
Targets
-
-
Target
https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa1d5dkltR1E1U1Q5WjBVdzJxbDdJbU0zSWtVUXxBQ3Jtc0ttTWFKNVBUR2xkODJELW13NGdrS2pIMkxKblR2SFdXc0RkZy1SSHFqek00NXc1T0Z5Y2hnQ0taSk5yTTQ4azB2blhBWjRfWmsxV0picGlKcVk5cUU0OUVPb0RlN3R2bE5TcXNPQkh0M2JFQVhPcGFDdw&q=https%3A%2F%2Fdrive.google.com%2Ffile%2Fd%2F1g71fuKJNNsYwTWwLJqaIAJR1TiocDQYF%2Fview%3Fusp%3Dsharing&v=yVIADtHyHUA
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-