Analysis Overview
SHA256
50f6ed33ecbfe835cd69ad989fca695b815b187d967366ed9db8533d834e9e82
Threat Level: Known bad
The file 50f6ed33ecbfe835cd69ad989fca695b815b187d967366ed9db8533d834e9e82 was found to be: Known bad.
Malicious Activity Summary
YTStealer
YTStealer payload
UPX packed file
Reads user/profile data of web browsers
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2022-08-30 01:46
Signatures
UPX packed file
Analysis: behavioral1
Detonation Overview
Submitted
2022-08-30 01:46
Reported
2022-08-30 01:51
Platform
win7-20220812-en
Max time kernel
259s
Max time network
50s
Command Line
Signatures
YTStealer
YTStealer payload
UPX packed file
Reads user/profile data of web browsers
Processes
C:\Users\Admin\AppData\Local\Temp\50f6ed33ecbfe835cd69ad989fca695b815b187d967366ed9db8533d834e9e82.exe
"C:\Users\Admin\AppData\Local\Temp\50f6ed33ecbfe835cd69ad989fca695b815b187d967366ed9db8533d834e9e82.exe"
Network
Files
memory/1596-54-0x0000000000D40000-0x0000000001B52000-memory.dmp
memory/1596-55-0x0000000000D40000-0x0000000001B52000-memory.dmp
memory/1596-56-0x0000000000D40000-0x0000000001B52000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2022-08-30 01:46
Reported
2022-08-30 01:51
Platform
win10-20220812-en
Max time kernel
56s
Max time network
183s
Command Line
Signatures
YTStealer
YTStealer payload
UPX packed file
Reads user/profile data of web browsers
Processes
C:\Users\Admin\AppData\Local\Temp\50f6ed33ecbfe835cd69ad989fca695b815b187d967366ed9db8533d834e9e82.exe
"C:\Users\Admin\AppData\Local\Temp\50f6ed33ecbfe835cd69ad989fca695b815b187d967366ed9db8533d834e9e82.exe"
Network
| Country | Destination | Domain | Proto |
| NL | 52.178.17.3:443 | | tcp |
| NL | 87.248.202.1:80 | | tcp |
Files
memory/2700-116-0x0000000000D40000-0x0000000001B52000-memory.dmp
memory/2700-117-0x0000000000D40000-0x0000000001B52000-memory.dmp
memory/2700-118-0x0000000000D40000-0x0000000001B52000-memory.dmp