Analysis

  • max time kernel
    250s
  • max time network
    49s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    30-08-2022 02:02

General

  • Target

    7819f51ad0cc844210b83cc218fe2c750c87cfc6f0c21921a3ceebc62b76b060.exe

  • Size

    4.0MB

  • MD5

    54759c68e5daf4d0195ccc4bd929b6ce

  • SHA1

    4dd9a7932308baec2b2d9d5e87aca88a488ac74e

  • SHA256

    7819f51ad0cc844210b83cc218fe2c750c87cfc6f0c21921a3ceebc62b76b060

  • SHA512

    1ca17ba07d44b26e25e7594a33510d772079e754fa8c06cde97cc5ede4d5a40e2e5ba0605ea1b075ac3e4e3c167075dacbd86094d5e5861195d1376352572d12

  • SSDEEP

    98304:cypn9dCRasCcYO/RT4V9KOJHXPXuKStQLHITrz45L534jnGsvapM:lpPO/Rs2OJHvfS278zcLB

Malware Config

Signatures

  • YTStealer

    YTStealer is a malware designed to steal YouTube authentication cookies.

  • YTStealer payload 3 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

Processes

  • C:\Users\Admin\AppData\Local\Temp\7819f51ad0cc844210b83cc218fe2c750c87cfc6f0c21921a3ceebc62b76b060.exe
    "C:\Users\Admin\AppData\Local\Temp\7819f51ad0cc844210b83cc218fe2c750c87cfc6f0c21921a3ceebc62b76b060.exe"
    1⤵
      PID:1208

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1208-54-0x00000000003E0000-0x00000000011F1000-memory.dmp

      Filesize

      14.1MB

    • memory/1208-55-0x00000000003E0000-0x00000000011F1000-memory.dmp

      Filesize

      14.1MB

    • memory/1208-56-0x00000000003E0000-0x00000000011F1000-memory.dmp

      Filesize

      14.1MB