ytstealer | a54ac89930406913a3b0b3b8e3ef738135a9b7fa54b01578f870e26ee9f99efb

Analysis

max time kernel
53s
max time network
183s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
14-08-2022 22:15

Target

a54ac89930406913a3b0b3b8e3ef738135a9b7fa54b01578f870e26ee9f99efb.exe
Size

4.0MB
MD5

47b29465bb5fcbbd899f1d98af193f06
SHA1

ddd7c01b07939751f734c1e9b7aa17853447e02c
SHA256

a54ac89930406913a3b0b3b8e3ef738135a9b7fa54b01578f870e26ee9f99efb
SHA512

838a170802283f318712195402dc26dc601d2f81d3dae1f32309e532af732808c1a8b03c80f7dcf99b2ae94276678bb4211a44ebe889335da34a6083c4bd31f8

Score

10^/10

YTStealer
YTStealer is a malware designed to steal YouTube authentication cookies.
stealer ytstealer

YTStealer payload 3 IoCs

Processes:

resource	yara_rule
behavioral2/memory/2664-115-0x0000000000350000-0x0000000001162000-memory.dmp	family_ytstealer
behavioral2/memory/2664-116-0x0000000000350000-0x0000000001162000-memory.dmp	family_ytstealer
behavioral2/memory/2664-117-0x0000000000350000-0x0000000001162000-memory.dmp	family_ytstealer

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral2/memory/2664-115-0x0000000000350000-0x0000000001162000-memory.dmp	upx
behavioral2/memory/2664-116-0x0000000000350000-0x0000000001162000-memory.dmp	upx
behavioral2/memory/2664-117-0x0000000000350000-0x0000000001162000-memory.dmp	upx

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

C:\Users\Admin\AppData\Local\Temp\a54ac89930406913a3b0b3b8e3ef738135a9b7fa54b01578f870e26ee9f99efb.exe
"C:\Users\Admin\AppData\Local\Temp\a54ac89930406913a3b0b3b8e3ef738135a9b7fa54b01578f870e26ee9f99efb.exe"
1⤵
PID:2664

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

memory/2664-115-0x0000000000350000-0x0000000001162000-memory.dmp

Filesize
14.1MB

Download
memory/2664-116-0x0000000000350000-0x0000000001162000-memory.dmp

Filesize
14.1MB

Download
memory/2664-117-0x0000000000350000-0x0000000001162000-memory.dmp

Filesize
14.1MB

Download