ytstealer | 2b04e0e6b75b5f9eedfccc9382a33019ce6752ceb0d6075df88f1b34f90ae52b

Analysis

max time kernel
144s
max time network
184s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
30-08-2022 01:31

Target

2b04e0e6b75b5f9eedfccc9382a33019ce6752ceb0d6075df88f1b34f90ae52b.exe
Size

4.0MB
MD5

275128f4fb38789a969bab9007745f12
SHA1

f9b63f0d532528801db81cef820e011c00906840
SHA256

2b04e0e6b75b5f9eedfccc9382a33019ce6752ceb0d6075df88f1b34f90ae52b
SHA512

f275a996c8ed4a9860622a6c347e73e23c9a9fd57f1b11b91e8e015d7a0954be06a3547ee42fd688075c22da11674c82908b3c44de0c8193616144e62420002f
SSDEEP

98304:FXMnbYs7efMdloOAPHaq8pCfzpzqGeDQ64N30p9/VC5:FXUbb7+syOAQp4uGgQvNWVVw

Score

10^/10

YTStealer
YTStealer is a malware designed to steal YouTube authentication cookies.
stealer ytstealer

YTStealer payload 3 IoCs

Processes:

resource	yara_rule
behavioral2/memory/2196-120-0x00000000012C0000-0x00000000020D2000-memory.dmp	family_ytstealer
behavioral2/memory/2196-121-0x00000000012C0000-0x00000000020D2000-memory.dmp	family_ytstealer
behavioral2/memory/2196-122-0x00000000012C0000-0x00000000020D2000-memory.dmp	family_ytstealer

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral2/memory/2196-120-0x00000000012C0000-0x00000000020D2000-memory.dmp	upx
behavioral2/memory/2196-121-0x00000000012C0000-0x00000000020D2000-memory.dmp	upx
behavioral2/memory/2196-122-0x00000000012C0000-0x00000000020D2000-memory.dmp	upx

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

C:\Users\Admin\AppData\Local\Temp\2b04e0e6b75b5f9eedfccc9382a33019ce6752ceb0d6075df88f1b34f90ae52b.exe
"C:\Users\Admin\AppData\Local\Temp\2b04e0e6b75b5f9eedfccc9382a33019ce6752ceb0d6075df88f1b34f90ae52b.exe"
1⤵
PID:2196

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

memory/2196-120-0x00000000012C0000-0x00000000020D2000-memory.dmp

Filesize
14.1MB

Download
memory/2196-121-0x00000000012C0000-0x00000000020D2000-memory.dmp

Filesize
14.1MB

Download
memory/2196-122-0x00000000012C0000-0x00000000020D2000-memory.dmp

Filesize
14.1MB

Download