Malware Analysis Report

2024-10-23 16:34

Sample ID 220830-b2ql1sbaa8
Target 39b2f8df45c1356963ad36795c5d739b1201ca4798fbcc016ed3316a8a30cc9a
SHA256 39b2f8df45c1356963ad36795c5d739b1201ca4798fbcc016ed3316a8a30cc9a
Tags
upx ytstealer spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

39b2f8df45c1356963ad36795c5d739b1201ca4798fbcc016ed3316a8a30cc9a

Threat Level: Known bad

The file 39b2f8df45c1356963ad36795c5d739b1201ca4798fbcc016ed3316a8a30cc9a was found to be: Known bad.

Malicious Activity Summary

upx ytstealer spyware stealer

YTStealer payload

YTStealer

UPX packed file

Reads user/profile data of web browsers

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2022-08-30 01:38

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2022-08-30 01:38

Reported

2022-08-30 01:43

Platform

win7-20220812-en

Max time kernel

250s

Max time network

273s

Command Line

"C:\Users\Admin\AppData\Local\Temp\39b2f8df45c1356963ad36795c5d739b1201ca4798fbcc016ed3316a8a30cc9a.exe"

Signatures

YTStealer

stealer ytstealer

YTStealer payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Reads user/profile data of web browsers

spyware stealer

Processes

C:\Users\Admin\AppData\Local\Temp\39b2f8df45c1356963ad36795c5d739b1201ca4798fbcc016ed3316a8a30cc9a.exe

"C:\Users\Admin\AppData\Local\Temp\39b2f8df45c1356963ad36795c5d739b1201ca4798fbcc016ed3316a8a30cc9a.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 goback.delivery udp
US 104.21.84.12:443 goback.delivery tcp

Files

memory/736-54-0x0000000001080000-0x0000000001E94000-memory.dmp

memory/736-55-0x0000000001080000-0x0000000001E94000-memory.dmp

memory/736-56-0x0000000001080000-0x0000000001E94000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2022-08-30 01:38

Reported

2022-08-30 01:43

Platform

win10-20220812-en

Max time kernel

109s

Max time network

183s

Command Line

"C:\Users\Admin\AppData\Local\Temp\39b2f8df45c1356963ad36795c5d739b1201ca4798fbcc016ed3316a8a30cc9a.exe"

Signatures

YTStealer

stealer ytstealer

YTStealer payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Reads user/profile data of web browsers

spyware stealer

Processes

C:\Users\Admin\AppData\Local\Temp\39b2f8df45c1356963ad36795c5d739b1201ca4798fbcc016ed3316a8a30cc9a.exe

"C:\Users\Admin\AppData\Local\Temp\39b2f8df45c1356963ad36795c5d739b1201ca4798fbcc016ed3316a8a30cc9a.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 goback.delivery udp
US 104.21.84.12:443 goback.delivery tcp
IE 13.69.239.74:443 tcp

Files

memory/2300-120-0x0000000001360000-0x0000000002174000-memory.dmp

memory/2300-121-0x0000000001360000-0x0000000002174000-memory.dmp

memory/2300-122-0x0000000001360000-0x0000000002174000-memory.dmp