ytstealer | b221019fa30df97d456407a899a4675d1bfa0394c6362fc1745bb3235b69be14

Analysis

max time kernel
49s
max time network
175s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
28-08-2022 04:11

Target

b221019fa30df97d456407a899a4675d1bfa0394c6362fc1745bb3235b69be14.exe
Size

4.0MB
MD5

8ce1b58517d9488123e72f84b2ba3709
SHA1

883bfba65cc27b5cbca1c5f8106961edae9b25d5
SHA256

b221019fa30df97d456407a899a4675d1bfa0394c6362fc1745bb3235b69be14
SHA512

32c9ecf59e760dd60b56ec980afac5b7bdc5bd39f128400425dc9e920461c3158d1b5815e23f17c69915ec7992e22db10742da8bda9fee34eb87e368c3d9fd1b
SSDEEP

98304:sm/4ZDjXetmLgiv6mn8GlSFDOXB/xJO+RJN3A0/l:sm/eqtmRvJNlSpOXB/aQ3w0/

Score

10^/10

YTStealer
YTStealer is a malware designed to steal YouTube authentication cookies.
stealer ytstealer

YTStealer payload 3 IoCs

Processes:

resource	yara_rule
behavioral2/memory/2340-120-0x0000000000B50000-0x0000000001964000-memory.dmp	family_ytstealer
behavioral2/memory/2340-121-0x0000000000B50000-0x0000000001964000-memory.dmp	family_ytstealer
behavioral2/memory/2340-122-0x0000000000B50000-0x0000000001964000-memory.dmp	family_ytstealer

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral2/memory/2340-120-0x0000000000B50000-0x0000000001964000-memory.dmp	upx
behavioral2/memory/2340-121-0x0000000000B50000-0x0000000001964000-memory.dmp	upx
behavioral2/memory/2340-122-0x0000000000B50000-0x0000000001964000-memory.dmp	upx

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

C:\Users\Admin\AppData\Local\Temp\b221019fa30df97d456407a899a4675d1bfa0394c6362fc1745bb3235b69be14.exe
"C:\Users\Admin\AppData\Local\Temp\b221019fa30df97d456407a899a4675d1bfa0394c6362fc1745bb3235b69be14.exe"
1⤵
PID:2340

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

memory/2340-120-0x0000000000B50000-0x0000000001964000-memory.dmp

Filesize
14.1MB

Download
memory/2340-121-0x0000000000B50000-0x0000000001964000-memory.dmp

Filesize
14.1MB

Download
memory/2340-122-0x0000000000B50000-0x0000000001964000-memory.dmp

Filesize
14.1MB

Download