ytstealer | 39b2f8df45c1356963ad36795c5d739b1201ca4798fbcc016ed3316a8a30cc9a

Analysis

max time kernel
109s
max time network
183s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
30-08-2022 01:38

Target

39b2f8df45c1356963ad36795c5d739b1201ca4798fbcc016ed3316a8a30cc9a.exe
Size

4.0MB
MD5

cf9c0885f61ff3c1f2b17422e9cf45b9
SHA1

faca656638d948aab17b7fd2516ef6d18831ee3f
SHA256

39b2f8df45c1356963ad36795c5d739b1201ca4798fbcc016ed3316a8a30cc9a
SHA512

6a63e8ebf58f738bd281e0215600cf2812ffbfaf33a43bb27863b9767251cf22e5c5af1101bcac0e171026dd7c935244a8e97dce2c53bfd9696953a1eb7477d8
SSDEEP

98304:UPIhsXPGWXMKtHJWiLPLKzhXHaym7nHMsh5U3A2dGRbw0zVsQi84:QIktXFJLCHT2nHM+5spkTVYr

Score

10^/10

YTStealer
YTStealer is a malware designed to steal YouTube authentication cookies.
stealer ytstealer

YTStealer payload 3 IoCs

Processes:

resource	yara_rule
behavioral2/memory/2300-120-0x0000000001360000-0x0000000002174000-memory.dmp	family_ytstealer
behavioral2/memory/2300-121-0x0000000001360000-0x0000000002174000-memory.dmp	family_ytstealer
behavioral2/memory/2300-122-0x0000000001360000-0x0000000002174000-memory.dmp	family_ytstealer

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral2/memory/2300-120-0x0000000001360000-0x0000000002174000-memory.dmp	upx
behavioral2/memory/2300-121-0x0000000001360000-0x0000000002174000-memory.dmp	upx
behavioral2/memory/2300-122-0x0000000001360000-0x0000000002174000-memory.dmp	upx

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

C:\Users\Admin\AppData\Local\Temp\39b2f8df45c1356963ad36795c5d739b1201ca4798fbcc016ed3316a8a30cc9a.exe
"C:\Users\Admin\AppData\Local\Temp\39b2f8df45c1356963ad36795c5d739b1201ca4798fbcc016ed3316a8a30cc9a.exe"
1⤵
PID:2300

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

memory/2300-120-0x0000000001360000-0x0000000002174000-memory.dmp

Filesize
14.1MB

Download
memory/2300-121-0x0000000001360000-0x0000000002174000-memory.dmp

Filesize
14.1MB

Download
memory/2300-122-0x0000000001360000-0x0000000002174000-memory.dmp

Filesize
14.1MB

Download