ytstealer | 02baf2e8b609c10f2778ace88e012b329a98f792d054bb55f9d2290a000425c0

Analysis

max time kernel
53s
max time network
184s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
30-08-2022 01:12

Target

02baf2e8b609c10f2778ace88e012b329a98f792d054bb55f9d2290a000425c0.exe
Size

4.0MB
MD5

699ff52c89b6aa4a20f6bed82460f1d6
SHA1

63dc4da1f06cbec8fb343cb968af3caf2c6a5453
SHA256

02baf2e8b609c10f2778ace88e012b329a98f792d054bb55f9d2290a000425c0
SHA512

d7d6b74500a0c70756a700a7f683f80e82b94d528351ebef3a08fbd1ec55cd975719b79f49f539be33c4e552b90d37a2bcb152560995626460d7a4f75291c211
SSDEEP

98304:y6rF69l0bczBcfQ0bHnXwswzVr70xtEiCarsbb8gqPjzC2B3q:y6696wcoIApVrAAiUUjzC

Score

10^/10

YTStealer
YTStealer is a malware designed to steal YouTube authentication cookies.
stealer ytstealer

YTStealer payload 3 IoCs

Processes:

resource	yara_rule
behavioral2/memory/2208-120-0x0000000000290000-0x00000000010A2000-memory.dmp	family_ytstealer
behavioral2/memory/2208-121-0x0000000000290000-0x00000000010A2000-memory.dmp	family_ytstealer
behavioral2/memory/2208-122-0x0000000000290000-0x00000000010A2000-memory.dmp	family_ytstealer

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral2/memory/2208-120-0x0000000000290000-0x00000000010A2000-memory.dmp	upx
behavioral2/memory/2208-121-0x0000000000290000-0x00000000010A2000-memory.dmp	upx
behavioral2/memory/2208-122-0x0000000000290000-0x00000000010A2000-memory.dmp	upx

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

C:\Users\Admin\AppData\Local\Temp\02baf2e8b609c10f2778ace88e012b329a98f792d054bb55f9d2290a000425c0.exe
"C:\Users\Admin\AppData\Local\Temp\02baf2e8b609c10f2778ace88e012b329a98f792d054bb55f9d2290a000425c0.exe"
1⤵
PID:2208

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

memory/2208-120-0x0000000000290000-0x00000000010A2000-memory.dmp

Filesize
14.1MB

Download
memory/2208-121-0x0000000000290000-0x00000000010A2000-memory.dmp

Filesize
14.1MB

Download
memory/2208-122-0x0000000000290000-0x00000000010A2000-memory.dmp

Filesize
14.1MB

Download