ytstealer | 808c7ac049a188556fbd49d270f08875c68f37e7c5178c2cbf5ff5dfaea1761f

Analysis

max time kernel
245s
max time network
53s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
30-08-2022 02:04

Target

808c7ac049a188556fbd49d270f08875c68f37e7c5178c2cbf5ff5dfaea1761f.exe
Size

4.0MB
MD5

41445d964ef31131dee871cf995e66b7
SHA1

76998a4554e14eba58835679d595a9573e407062
SHA256

808c7ac049a188556fbd49d270f08875c68f37e7c5178c2cbf5ff5dfaea1761f
SHA512

b010542e1e70cdd6f7af26e70aed19de5d9f9f04542fec4fda7b0c804c1bc5b8719bbbd782557da14bff80f49cbeeebf0c68ae644eaaec86e4db30a3a8421843
SSDEEP

98304:0KrroLuJQvtzFKXwn5anMXc8K29mMPtlb+f7P1uhq9ixhv5:1I0w5asK2AMFlKzPBMv5

Score

10^/10

YTStealer
YTStealer is a malware designed to steal YouTube authentication cookies.
stealer ytstealer

YTStealer payload 3 IoCs

Processes:

resource	yara_rule
behavioral1/memory/976-54-0x0000000001030000-0x0000000001E42000-memory.dmp	family_ytstealer
behavioral1/memory/976-55-0x0000000001030000-0x0000000001E42000-memory.dmp	family_ytstealer
behavioral1/memory/976-56-0x0000000001030000-0x0000000001E42000-memory.dmp	family_ytstealer

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral1/memory/976-54-0x0000000001030000-0x0000000001E42000-memory.dmp	upx
behavioral1/memory/976-55-0x0000000001030000-0x0000000001E42000-memory.dmp	upx
behavioral1/memory/976-56-0x0000000001030000-0x0000000001E42000-memory.dmp	upx

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

C:\Users\Admin\AppData\Local\Temp\808c7ac049a188556fbd49d270f08875c68f37e7c5178c2cbf5ff5dfaea1761f.exe
"C:\Users\Admin\AppData\Local\Temp\808c7ac049a188556fbd49d270f08875c68f37e7c5178c2cbf5ff5dfaea1761f.exe"
1⤵
PID:976

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

memory/976-54-0x0000000001030000-0x0000000001E42000-memory.dmp

Filesize
14.1MB

Download
memory/976-55-0x0000000001030000-0x0000000001E42000-memory.dmp

Filesize
14.1MB

Download
memory/976-56-0x0000000001030000-0x0000000001E42000-memory.dmp

Filesize
14.1MB

Download