ytstealer | 15f7e7c2071f6c50f6a4c9122eb04f2d0eb2d1380a2c4f1f2548f1040ba682ba

Analysis

max time kernel
55s
max time network
184s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
30-08-2022 01:18

Target

15f7e7c2071f6c50f6a4c9122eb04f2d0eb2d1380a2c4f1f2548f1040ba682ba.exe
Size

4.0MB
MD5

6cee123a08c4abe14f9260912e94670c
SHA1

3f9fa02cffb75efb677f1c80e6aea88e9c9992e4
SHA256

15f7e7c2071f6c50f6a4c9122eb04f2d0eb2d1380a2c4f1f2548f1040ba682ba
SHA512

9961efd7d8d20a1b48130dbc08e0b0ce8077e3695ac7f99ae8c99a72d8f8a4792f548edf43e2658e1903c946a1b1fd6f651dddc3c994daa943b751bbc2a0c610
SSDEEP

98304:UJEsc65nQ3gI9hTArmnSGsfZ9706OzEvsCO1a+X:6EFMnWlTAr+Sdx970BMia+

Score

10^/10

YTStealer
YTStealer is a malware designed to steal YouTube authentication cookies.
stealer ytstealer

YTStealer payload 3 IoCs

Processes:

resource	yara_rule
behavioral2/memory/4792-116-0x00000000002C0000-0x00000000010D2000-memory.dmp	family_ytstealer
behavioral2/memory/4792-117-0x00000000002C0000-0x00000000010D2000-memory.dmp	family_ytstealer
behavioral2/memory/4792-118-0x00000000002C0000-0x00000000010D2000-memory.dmp	family_ytstealer

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral2/memory/4792-116-0x00000000002C0000-0x00000000010D2000-memory.dmp	upx
behavioral2/memory/4792-117-0x00000000002C0000-0x00000000010D2000-memory.dmp	upx
behavioral2/memory/4792-118-0x00000000002C0000-0x00000000010D2000-memory.dmp	upx

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

C:\Users\Admin\AppData\Local\Temp\15f7e7c2071f6c50f6a4c9122eb04f2d0eb2d1380a2c4f1f2548f1040ba682ba.exe
"C:\Users\Admin\AppData\Local\Temp\15f7e7c2071f6c50f6a4c9122eb04f2d0eb2d1380a2c4f1f2548f1040ba682ba.exe"
1⤵
PID:4792

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

memory/4792-116-0x00000000002C0000-0x00000000010D2000-memory.dmp

Filesize
14.1MB

Download
memory/4792-117-0x00000000002C0000-0x00000000010D2000-memory.dmp

Filesize
14.1MB

Download
memory/4792-118-0x00000000002C0000-0x00000000010D2000-memory.dmp

Filesize
14.1MB

Download