ytstealer | cecc58f7e5b69e0b2159f68ca5ee38f36b59a0adbe36f8a93e791f8788488fb5

Analysis

max time kernel
49s
max time network
185s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
12-08-2022 22:19

Target

cecc58f7e5b69e0b2159f68ca5ee38f36b59a0adbe36f8a93e791f8788488fb5.exe
Size

4.0MB
MD5

54d16b2bd83331c4512e3392271ac098
SHA1

313327e368810eae000d565f642a33ae3fc47fef
SHA256

cecc58f7e5b69e0b2159f68ca5ee38f36b59a0adbe36f8a93e791f8788488fb5
SHA512

9a613dd5e73d001e7a5fc71433619c6ffe7f1208b4930652e8a3c5e34330e7c7baf588a1386126d4a131041ad6162dfb390a3174f3cf511eaada1d00b4c314b3

Score

10^/10

YTStealer
YTStealer is a malware designed to steal YouTube authentication cookies.
stealer ytstealer

YTStealer payload 3 IoCs

Processes:

resource	yara_rule
behavioral2/memory/4568-115-0x0000000000EB0000-0x0000000001CC2000-memory.dmp	family_ytstealer
behavioral2/memory/4568-116-0x0000000000EB0000-0x0000000001CC2000-memory.dmp	family_ytstealer
behavioral2/memory/4568-117-0x0000000000EB0000-0x0000000001CC2000-memory.dmp	family_ytstealer

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral2/memory/4568-115-0x0000000000EB0000-0x0000000001CC2000-memory.dmp	upx
behavioral2/memory/4568-116-0x0000000000EB0000-0x0000000001CC2000-memory.dmp	upx
behavioral2/memory/4568-117-0x0000000000EB0000-0x0000000001CC2000-memory.dmp	upx

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

C:\Users\Admin\AppData\Local\Temp\cecc58f7e5b69e0b2159f68ca5ee38f36b59a0adbe36f8a93e791f8788488fb5.exe
"C:\Users\Admin\AppData\Local\Temp\cecc58f7e5b69e0b2159f68ca5ee38f36b59a0adbe36f8a93e791f8788488fb5.exe"
1⤵
PID:4568

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

memory/4568-115-0x0000000000EB0000-0x0000000001CC2000-memory.dmp

Filesize
14.1MB

Download
memory/4568-116-0x0000000000EB0000-0x0000000001CC2000-memory.dmp

Filesize
14.1MB

Download
memory/4568-117-0x0000000000EB0000-0x0000000001CC2000-memory.dmp

Filesize
14.1MB

Download