ytstealer | 1901ae31080f9b8f7c419290eab011086a00355a0451e9f634f545f771753901

Analysis

max time kernel
240s
max time network
53s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
30-08-2022 01:22

Target

1901ae31080f9b8f7c419290eab011086a00355a0451e9f634f545f771753901.exe
Size

4.0MB
MD5

eaaad4f36853f423ee62272e125708ff
SHA1

71c045b6a66fef5dd1f20faefbce8df88c890788
SHA256

1901ae31080f9b8f7c419290eab011086a00355a0451e9f634f545f771753901
SHA512

05292ae056faf45359b62d8feb6926c1144623e997df0893b9a74e423b84761f2ab6e3786c7fc5d7784e3ae9bff7c2e21166cbb7723f6315538357e674587431
SSDEEP

98304:GZE6yLCBllCYlMw/XUIxQ602J55hN+mUth1rJe0QO+0hVf/UiYxm:GZEp0iYlMw/9O25wt7qOlhVfsiQ

Score

10^/10

YTStealer
YTStealer is a malware designed to steal YouTube authentication cookies.
stealer ytstealer

YTStealer payload 3 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1656-54-0x0000000000DD0000-0x0000000001BE2000-memory.dmp	family_ytstealer
behavioral1/memory/1656-55-0x0000000000DD0000-0x0000000001BE2000-memory.dmp	family_ytstealer
behavioral1/memory/1656-56-0x0000000000DD0000-0x0000000001BE2000-memory.dmp	family_ytstealer

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral1/memory/1656-54-0x0000000000DD0000-0x0000000001BE2000-memory.dmp	upx
behavioral1/memory/1656-55-0x0000000000DD0000-0x0000000001BE2000-memory.dmp	upx
behavioral1/memory/1656-56-0x0000000000DD0000-0x0000000001BE2000-memory.dmp	upx

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

C:\Users\Admin\AppData\Local\Temp\1901ae31080f9b8f7c419290eab011086a00355a0451e9f634f545f771753901.exe
"C:\Users\Admin\AppData\Local\Temp\1901ae31080f9b8f7c419290eab011086a00355a0451e9f634f545f771753901.exe"
1⤵
PID:1656

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

memory/1656-54-0x0000000000DD0000-0x0000000001BE2000-memory.dmp

Filesize
14.1MB

Download
memory/1656-55-0x0000000000DD0000-0x0000000001BE2000-memory.dmp

Filesize
14.1MB

Download
memory/1656-56-0x0000000000DD0000-0x0000000001BE2000-memory.dmp

Filesize
14.1MB

Download