General
-
Target
https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbnNCNlJaeThiUDJPamVJZkdHbGhuZWNLbVhEQXxBQ3Jtc0tuWFRISjFwOTN6d3psN2lob2lxRWtnd1l5RDlOZGtBallpZmpFR1REbk9INk1FQzJMRm1oREdieVdwUE9idklBcUtpMzllY3ltZ0tGT3FUVm9PVmgtWkd4emI1VGNxRmlZZlZiaGxPYVF0N3V6czdMNA&q=https%3A%2F%2Fwww.mediafire.com%2Ffolder%2Fxwe39y90o50dj%2FgetIT&v=pQ8KS3R41so
-
Sample
240905-r5ab7ssgrr
Malware Config
Targets
-
-
Target
https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbnNCNlJaeThiUDJPamVJZkdHbGhuZWNLbVhEQXxBQ3Jtc0tuWFRISjFwOTN6d3psN2lob2lxRWtnd1l5RDlOZGtBallpZmpFR1REbk9INk1FQzJMRm1oREdieVdwUE9idklBcUtpMzllY3ltZ0tGT3FUVm9PVmgtWkd4emI1VGNxRmlZZlZiaGxPYVF0N3V6czdMNA&q=https%3A%2F%2Fwww.mediafire.com%2Ffolder%2Fxwe39y90o50dj%2FgetIT&v=pQ8KS3R41so
Score9/10-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1