Analysis
-
max time kernel
42s -
max time network
46s -
platform
windows7_x64 -
resource
win7-20220718-en -
resource tags
-
submitted
20/07/2022, 08:04
General
-
Target
6D2496735DC831B335C0E4440EF1FF2CA468E4115C1EEC18DD6719A1FC18C3BD.exe
-
Size
4.0MB
-
MD5
ce3e307c0152742b3c2a20060a9053e7
-
SHA1
0eea6a1295e9f2eb2abc0bcf3aa34fc8a8764244
-
SHA256
6d2496735dc831b335c0e4440ef1ff2ca468e4115c1eec18dd6719a1fc18c3bd
-
SHA512
b93f05bdcf098d3e18909980a436abb724dfdfb99eba3a9c08e72c3882f192373a740cd2570458d376bccc19559a6de322f4f9be8482695a7d5a6e410acc7486
Score
10/10
Malware Config
Signatures
-
YTStealer
YTStealer is a malware designed to steal YouTube authentication cookies.
-
YTStealer payload 2 IoCs
-
UPX packed file 2 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\6D2496735DC831B335C0E4440EF1FF2CA468E4115C1EEC18DD6719A1FC18C3BD.exe"C:\Users\Admin\AppData\Local\Temp\6D2496735DC831B335C0E4440EF1FF2CA468E4115C1EEC18DD6719A1FC18C3BD.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /C choice /C Y /N /D Y /T 0 &Del C:\Users\Admin\AppData\Local\Temp\6D2496735DC831B335C0E4440EF1FF2CA468E4115C1EEC18DD6719A1FC18C3BD.exe2⤵
- Suspicious use of WriteProcessMemory
-
-
C:\Windows\system32\choice.exechoice /C Y /N /D Y /T 01⤵
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
13.8MB
-
Filesize
13.8MB