General
-
Target
https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbTkyUnEwY3VlRWR5ZG9mOGRkb004MVlfYmRYZ3xBQ3Jtc0tuZVNLUl9JREtwZnFlV3NzVVZ3MENOeEROZFpZQUY5NGo4bkFmVlpnTjNRdjZ1TmNHLXRHWTFyTTFacFpDOW44djJYNDhJLUwxVnhpclpJSE0yY3A5b05paE5xM1RWSDY0TEgzcXBOcmxHcFZYTDZqRQ&q=https%3A%2F%2Fmhoefs.eu%2Fsoftware_uxtheme.php%3Flang%3Den&v=LJ3tzeHSgJs
-
Sample
241119-td83kaxpcy
Malware Config
Targets
-
-
Target
https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbTkyUnEwY3VlRWR5ZG9mOGRkb004MVlfYmRYZ3xBQ3Jtc0tuZVNLUl9JREtwZnFlV3NzVVZ3MENOeEROZFpZQUY5NGo4bkFmVlpnTjNRdjZ1TmNHLXRHWTFyTTFacFpDOW44djJYNDhJLUwxVnhpclpJSE0yY3A5b05paE5xM1RWSDY0TEgzcXBOcmxHcFZYTDZqRQ&q=https%3A%2F%2Fmhoefs.eu%2Fsoftware_uxtheme.php%3Flang%3Den&v=LJ3tzeHSgJs
Score8/10-
Possible privilege escalation attempt
-
A potential corporate email address has been identified in the URL: [email protected]
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Defense Evasion
File and Directory Permissions Modification
2Windows File and Directory Permissions Modification
1