Analysis
-
max time kernel
42s -
max time network
45s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
30/08/2022, 22:18
General
-
Target
2f3c5db2ebcc3780f9507e572a26e332505905a1b9c9b3086e689ccbe463546b.exe
-
Size
4.0MB
-
MD5
e4d3f5b6e53c0188e6ff2081b87cbd82
-
SHA1
a43c60c08f67a90aa6836d66de8bdf0179f4d9f8
-
SHA256
2f3c5db2ebcc3780f9507e572a26e332505905a1b9c9b3086e689ccbe463546b
-
SHA512
9ea5c68a1e9cc8409efc41edac3cc282aa27bbae59cebf382347d2a2f824d06a284f07f6455ea3c35035d89f66434a1c1078f9d0560404f8257dc84d77afb060
-
SSDEEP
98304:+POnSi9y/6yhvKs71LA7zkr+kK9N3Kc+VMcOAcuStVih:+DiY/3R7RLJren3j+SXtVi
Score
10/10
Malware Config
Signatures
-
YTStealer
YTStealer is a malware designed to steal YouTube authentication cookies.
-
YTStealer payload 2 IoCs
-
UPX packed file 2 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Deletes itself 1 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2f3c5db2ebcc3780f9507e572a26e332505905a1b9c9b3086e689ccbe463546b.exe"C:\Users\Admin\AppData\Local\Temp\2f3c5db2ebcc3780f9507e572a26e332505905a1b9c9b3086e689ccbe463546b.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /C choice /C Y /N /D Y /T 0 &Del C:\Users\Admin\AppData\Local\Temp\2f3c5db2ebcc3780f9507e572a26e332505905a1b9c9b3086e689ccbe463546b.exe2⤵
- Deletes itself
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\choice.exechoice /C Y /N /D Y /T 03⤵
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
13.8MB
-
Filesize
13.8MB