ytstealer | 9e20af8009b6c35567a8a78f9c6485af4082fca8295e39d19cadbd11eba41be5

Analysis

max time kernel
53s
max time network
174s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
27-08-2022 04:02

Target

9e20af8009b6c35567a8a78f9c6485af4082fca8295e39d19cadbd11eba41be5.exe
Size

4.0MB
MD5

751b1660526b7441ec7bcfde6f02dcbe
SHA1

4e95a7a76ba2e58cdd533a5032a7a2300209f11c
SHA256

9e20af8009b6c35567a8a78f9c6485af4082fca8295e39d19cadbd11eba41be5
SHA512

19c397eea2296f0a2a31cf92bafd84a862ae401c2a2b22bb8c4b66cfd07dc20e7d1b850adbfe59e7a0d9efeab70f533f7a2ae04facc2f73efbf8d282ea17d62e
SSDEEP

98304:7YuXpal4Vbc5zTRt7wsMuYsLvYuR1p4SO5nkYA+tPS7kPDgG2/no:cuXolAclT77wmYW91p4lhbPykP0GKo

Score

10^/10

YTStealer
YTStealer is a malware designed to steal YouTube authentication cookies.
stealer ytstealer

YTStealer payload 2 IoCs

Processes:

resource	yara_rule
behavioral2/memory/2748-116-0x0000000000FF0000-0x0000000001E04000-memory.dmp	family_ytstealer
behavioral2/memory/2748-117-0x0000000000FF0000-0x0000000001E04000-memory.dmp	family_ytstealer

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral2/memory/2748-115-0x0000000000FF0000-0x0000000001E04000-memory.dmp	upx
behavioral2/memory/2748-116-0x0000000000FF0000-0x0000000001E04000-memory.dmp	upx
behavioral2/memory/2748-117-0x0000000000FF0000-0x0000000001E04000-memory.dmp	upx

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

C:\Users\Admin\AppData\Local\Temp\9e20af8009b6c35567a8a78f9c6485af4082fca8295e39d19cadbd11eba41be5.exe
"C:\Users\Admin\AppData\Local\Temp\9e20af8009b6c35567a8a78f9c6485af4082fca8295e39d19cadbd11eba41be5.exe"
1⤵
PID:2748

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

memory/2748-115-0x0000000000FF0000-0x0000000001E04000-memory.dmp

Filesize
14.1MB

Download
memory/2748-116-0x0000000000FF0000-0x0000000001E04000-memory.dmp

Filesize
14.1MB

Download
memory/2748-117-0x0000000000FF0000-0x0000000001E04000-memory.dmp

Filesize
14.1MB

Download