ytstealer | 2dc2d25c60bd41f0968451d0c24397cb0f66fb3550bd08b840dcdf3fd1c9ddcf

Analysis

max time kernel
249s
max time network
49s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
30-08-2022 01:32

Target

2dc2d25c60bd41f0968451d0c24397cb0f66fb3550bd08b840dcdf3fd1c9ddcf.exe
Size

4.0MB
MD5

90fe43609906e11995606936f41a938c
SHA1

f537bc8adb91aa15e91d7a5be9628b811a6eafa0
SHA256

2dc2d25c60bd41f0968451d0c24397cb0f66fb3550bd08b840dcdf3fd1c9ddcf
SHA512

a3607f34c9876060bb5854823121daf284a87b37bac35bee63f2d92bf869ad7082100e45b39566390ac9d79e3bf925f18ac4f671ee6992c74bdad4f9a974cf6c
SSDEEP

98304:j+xfV7okw9Yc0HbFm9kDB82X2LrplUCBW9d8:j+xf5S9YXRm9kDB82X2nHUdo

Score

10^/10

YTStealer
YTStealer is a malware designed to steal YouTube authentication cookies.
stealer ytstealer

YTStealer payload 3 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1948-54-0x0000000001220000-0x0000000002032000-memory.dmp	family_ytstealer
behavioral1/memory/1948-55-0x0000000001220000-0x0000000002032000-memory.dmp	family_ytstealer
behavioral1/memory/1948-56-0x0000000001220000-0x0000000002032000-memory.dmp	family_ytstealer

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral1/memory/1948-54-0x0000000001220000-0x0000000002032000-memory.dmp	upx
behavioral1/memory/1948-55-0x0000000001220000-0x0000000002032000-memory.dmp	upx
behavioral1/memory/1948-56-0x0000000001220000-0x0000000002032000-memory.dmp	upx

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

C:\Users\Admin\AppData\Local\Temp\2dc2d25c60bd41f0968451d0c24397cb0f66fb3550bd08b840dcdf3fd1c9ddcf.exe
"C:\Users\Admin\AppData\Local\Temp\2dc2d25c60bd41f0968451d0c24397cb0f66fb3550bd08b840dcdf3fd1c9ddcf.exe"
1⤵
PID:1948

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

memory/1948-54-0x0000000001220000-0x0000000002032000-memory.dmp

Filesize
14.1MB

Download
memory/1948-55-0x0000000001220000-0x0000000002032000-memory.dmp

Filesize
14.1MB

Download
memory/1948-56-0x0000000001220000-0x0000000002032000-memory.dmp

Filesize
14.1MB

Download