ytstealer | 81fa5e72eb518f64c845b71709035901ed24f2cd7f4d954b1d4b0f3a4fe63f4b

Analysis

max time kernel
254s
max time network
50s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
30-08-2022 02:05

Target

81fa5e72eb518f64c845b71709035901ed24f2cd7f4d954b1d4b0f3a4fe63f4b.exe
Size

4.0MB
MD5

d056375f145e49d8c5cdaa89ebc39713
SHA1

966074ff51eea3ecd077c819a596e77a3da8d46b
SHA256

81fa5e72eb518f64c845b71709035901ed24f2cd7f4d954b1d4b0f3a4fe63f4b
SHA512

2d0466e443bcf6ec5ee17c202623d4db8b6791f5bf6a77c5a26dfe34ae7a6427fedaba71f6079c2732e1c51780071dbdc9d306b8f264f17452a0689643f18aae
SSDEEP

98304:fiv5uEWvbTZGNxzzXUOHuMRlG6bzkFJZnbuCrDXde:bvfZ6xfUySGz6JZnbxrDXd

Score

10^/10

YTStealer
YTStealer is a malware designed to steal YouTube authentication cookies.
stealer ytstealer

YTStealer payload 3 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1900-54-0x00000000001D0000-0x0000000000FE2000-memory.dmp	family_ytstealer
behavioral1/memory/1900-55-0x00000000001D0000-0x0000000000FE2000-memory.dmp	family_ytstealer
behavioral1/memory/1900-56-0x00000000001D0000-0x0000000000FE2000-memory.dmp	family_ytstealer

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral1/memory/1900-54-0x00000000001D0000-0x0000000000FE2000-memory.dmp	upx
behavioral1/memory/1900-55-0x00000000001D0000-0x0000000000FE2000-memory.dmp	upx
behavioral1/memory/1900-56-0x00000000001D0000-0x0000000000FE2000-memory.dmp	upx

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

C:\Users\Admin\AppData\Local\Temp\81fa5e72eb518f64c845b71709035901ed24f2cd7f4d954b1d4b0f3a4fe63f4b.exe
"C:\Users\Admin\AppData\Local\Temp\81fa5e72eb518f64c845b71709035901ed24f2cd7f4d954b1d4b0f3a4fe63f4b.exe"
1⤵
PID:1900

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

memory/1900-54-0x00000000001D0000-0x0000000000FE2000-memory.dmp

Filesize
14.1MB

Download
memory/1900-55-0x00000000001D0000-0x0000000000FE2000-memory.dmp

Filesize
14.1MB

Download
memory/1900-56-0x00000000001D0000-0x0000000000FE2000-memory.dmp

Filesize
14.1MB

Download