ytstealer | 12d45d82b7a39a7f90056aa5c6d29c677ab0d77c363bef6b5e9b4a22074be00e

Analysis

max time kernel
249s
max time network
49s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
30-08-2022 01:16

Target

12d45d82b7a39a7f90056aa5c6d29c677ab0d77c363bef6b5e9b4a22074be00e.exe
Size

4.0MB
MD5

fff3b534a598e2d5d64c229bb9cedc18
SHA1

77a96eb5abe9b7d4a512b62474008ab20af016ea
SHA256

12d45d82b7a39a7f90056aa5c6d29c677ab0d77c363bef6b5e9b4a22074be00e
SHA512

86edf6291b14824267d7d0e24f8e4c038880b31c5e30d2e242072fde4bb8c79e8289b390d503d49c9ab017602bc1c42625685cf1d355f7ea3c91a6815e96f905
SSDEEP

98304:w2HAgKsjZ3kjguB6tXT3mkWOBSRR8RFHCp314O4cEkSSuHHHYzS2rTE:7HPajpBSbmo8RR8fCV4c9SSu4z/Q

Score

10^/10

YTStealer
YTStealer is a malware designed to steal YouTube authentication cookies.
stealer ytstealer

YTStealer payload 3 IoCs

Processes:

resource	yara_rule
behavioral1/memory/948-54-0x0000000000860000-0x0000000001672000-memory.dmp	family_ytstealer
behavioral1/memory/948-55-0x0000000000860000-0x0000000001672000-memory.dmp	family_ytstealer
behavioral1/memory/948-56-0x0000000000860000-0x0000000001672000-memory.dmp	family_ytstealer

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral1/memory/948-54-0x0000000000860000-0x0000000001672000-memory.dmp	upx
behavioral1/memory/948-55-0x0000000000860000-0x0000000001672000-memory.dmp	upx
behavioral1/memory/948-56-0x0000000000860000-0x0000000001672000-memory.dmp	upx

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

C:\Users\Admin\AppData\Local\Temp\12d45d82b7a39a7f90056aa5c6d29c677ab0d77c363bef6b5e9b4a22074be00e.exe
"C:\Users\Admin\AppData\Local\Temp\12d45d82b7a39a7f90056aa5c6d29c677ab0d77c363bef6b5e9b4a22074be00e.exe"
1⤵
PID:948

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

memory/948-54-0x0000000000860000-0x0000000001672000-memory.dmp

Filesize
14.1MB

Download
memory/948-55-0x0000000000860000-0x0000000001672000-memory.dmp

Filesize
14.1MB

Download
memory/948-56-0x0000000000860000-0x0000000001672000-memory.dmp

Filesize
14.1MB

Download