ytstealer | 7b6662b7e68c82c21609f9c989adbbaeeb2b96fc546a3cdd54168f0d3b743583

Analysis

max time kernel
53s
max time network
61s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
25-08-2022 18:44

Target

7b6662b7e68c82c21609f9c989adbbaeeb2b96fc546a3cdd54168f0d3b743583.exe
Size

4.0MB
MD5

ac13631b8c64bbefbe0c95baa07e4ead
SHA1

359589babaf0891c770893a6dfff2bb676e5cbb0
SHA256

7b6662b7e68c82c21609f9c989adbbaeeb2b96fc546a3cdd54168f0d3b743583
SHA512

4deb6783ba6db11228b9b9d88f11d62b0439aec19f80a1c5356e4f5988810451f6dd9ee83107393154ce4a409137a6489fbdde0d53b6bf593d07100dde5befe3
SSDEEP

98304:+CAOvB/KLINihANC1jlUplJ1VrrDHhpb8zQL7wX9Kc7Ku:PJ/KEkWNCplklJ7DTSQL74wE

Score

10^/10

YTStealer
YTStealer is a malware designed to steal YouTube authentication cookies.
stealer ytstealer

YTStealer payload 3 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2668-118-0x0000000000E40000-0x0000000001C54000-memory.dmp	family_ytstealer
behavioral1/memory/2668-119-0x0000000000E40000-0x0000000001C54000-memory.dmp	family_ytstealer
behavioral1/memory/2668-120-0x0000000000E40000-0x0000000001C54000-memory.dmp	family_ytstealer

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral1/memory/2668-118-0x0000000000E40000-0x0000000001C54000-memory.dmp	upx
behavioral1/memory/2668-119-0x0000000000E40000-0x0000000001C54000-memory.dmp	upx
behavioral1/memory/2668-120-0x0000000000E40000-0x0000000001C54000-memory.dmp	upx

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

C:\Users\Admin\AppData\Local\Temp\7b6662b7e68c82c21609f9c989adbbaeeb2b96fc546a3cdd54168f0d3b743583.exe
"C:\Users\Admin\AppData\Local\Temp\7b6662b7e68c82c21609f9c989adbbaeeb2b96fc546a3cdd54168f0d3b743583.exe"
1⤵
PID:2668

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

memory/2668-118-0x0000000000E40000-0x0000000001C54000-memory.dmp

Filesize
14.1MB

Download
memory/2668-119-0x0000000000E40000-0x0000000001C54000-memory.dmp

Filesize
14.1MB

Download
memory/2668-120-0x0000000000E40000-0x0000000001C54000-memory.dmp

Filesize
14.1MB

Download