Malware Analysis Report

2024-10-19 02:12

Sample ID: 220830-clwzjabdd8
Target: 8d8f28e25528bfc43bb60c71f3634b09675ee5aeba9b2fb6b270d7802f045779
SHA256: 8d8f28e25528bfc43bb60c71f3634b09675ee5aeba9b2fb6b270d7802f045779
Tags: ytstealer spyware stealer upx
Score: 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V6
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 10/10

SHA256: 8d8f28e25528bfc43bb60c71f3634b09675ee5aeba9b2fb6b270d7802f045779

Threat Level: Known bad

The file 8d8f28e25528bfc43bb60c71f3634b09675ee5aeba9b2fb6b270d7802f045779 was found to be: Known bad.

Malicious Activity Summary

ytstealer spyware stealer upx

YTStealer

YTStealer payload

UPX packed file

Reads user/profile data of web browsers

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2022-08-30 02:10

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
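The static UPX verdict above rests on a few on-disk features that are quick to check by hand. The Python below is an added example, not part of this report and not any sandbox's own detection code: it walks the PE section table with the standard library only and applies the usual heuristics, the stock UPX0/UPX1 section names, the "UPX!" header magic, a first section that exists only in memory (the range the stub decompresses into) and a high-entropy section holding the compressed payload. The two files it runs on are constructed inside the script and are not the sample analysed here; the 7.0-bit entropy threshold and the combining rule in `likely_upx` are assumptions to tune, not a published standard.

```python
import math
import struct
from collections import Counter
from random import Random

UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniform random.
    Compressed or encrypted payloads sit near the top of that range."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def pe_sections(blob: bytes):
    """Minimal PE section-table walk, no pefile dependency.
    Yields (name, virtual_size, raw_bytes) per section."""
    if blob[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: NumberOfSections at +2, SizeOfOptionalHeader at +16
    num_sections, opt_size = struct.unpack_from("<H12xH", blob, coff + 2)
    table = coff + 20 + opt_size
    for i in range(num_sections):
        off = table + 40 * i
        name = blob[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from("<IIII", blob, off + 8)
        yield name, vsize, blob[raw_ptr:raw_ptr + raw_size]


def upx_indicators(blob: bytes) -> dict:
    """Static UPX heuristics: stock section names, the 'UPX!' header magic,
    a first section with no raw data (the decompression target) and a
    high-entropy section (the compressed payload)."""
    secs = list(pe_sections(blob))
    names = [name for name, _, _ in secs]
    entropy = {name: round(shannon_entropy(raw), 2) for name, _, raw in secs}
    has_names = any(n in UPX_SECTION_NAMES for n in names)
    has_magic = b"UPX!" in blob
    virtual_only_first = bool(secs) and secs[0][1] > 0 and not secs[0][2]
    high_entropy = any(len(raw) >= 256 and shannon_entropy(raw) > 7.0 for _, _, raw in secs)
    return {
        "sections": names,
        "entropy": entropy,
        "upx_section_names": has_names,
        "upx_magic": has_magic,
        "virtual_only_first_section": virtual_only_first,
        "high_entropy_section": high_entropy,
        # Renaming sections defeats the name check; magic plus entropy still fires.
        "likely_upx": has_names or (has_magic and high_entropy),
    }


def build_test_pe(sections) -> bytes:
    """Constructed, non-runnable PE carrying the given (name, virtual_size, raw)
    sections. Test input only; this is not the analysed sample."""
    opt = struct.pack("<H", 0x10B).ljust(0xE0, b"\0")            # PE32 optional header, zeroed
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), 0x102)
    headers_len = 0x40 + 4 + len(coff) + len(opt) + 40 * len(sections)
    raw_ptr = (headers_len + 0x1FF) & ~0x1FF                      # file alignment 0x200
    table, payload, vaddr = b"", b"", 0x1000
    for name, vsize, raw in sections:
        table += struct.pack("<8sIIIIIIHHI", name.encode(), vsize, vaddr, len(raw),
                             raw_ptr if raw else 0, 0, 0, 0, 0, 0xE0000020)
        payload += raw
        raw_ptr += len(raw)
        vaddr += (max(vsize, len(raw)) + 0xFFF) & ~0xFFF
    headers = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40) + b"PE\0\0" + coff + opt + table
    return headers.ljust((headers_len + 0x1FF) & ~0x1FF, b"\0") + payload


def packed_sample() -> bytes:
    """Stand-in for a UPX-packed file: empty UPX0, random-looking UPX1 with the magic, small .rsrc."""
    rng = Random(2022)
    compressed = b"UPX!" + bytes(rng.getrandbits(8) for _ in range(4096))
    return build_test_pe([("UPX0", 0x20000, b""), ("UPX1", 0x1100, compressed),
                          (".rsrc", 0x200, b"\0" * 0x200)])


def plain_sample() -> bytes:
    """Stand-in for an unpacked file: repetitive low-entropy .text, flat .data."""
    code = b"\x55\x8b\xec\x83\xec\x10\x33\xc0\x5d\xc3" * 200
    return build_test_pe([(".text", len(code), code), (".data", 0x100, b"A" * 0x100)])


if __name__ == "__main__":
    for label, sample in (("packed", packed_sample()), ("plain", plain_sample())):
        print(label, upx_indicators(sample))
```

Renamed sections are the common evasion, which is why the verdict is not tied to names alone. On a real file a hit here is the cue to let the stub run and dump the process after it jumps to the original entry point; the memory dumps recorded in the behavioral runs of this report are exactly that material.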

Analysis: behavioral1

Detonation Overview

Submitted: 2022-08-30 02:10
Reported: 2022-08-30 02:15
Platform: win7-20220812-en
Max time kernel: 250s
Max time network: 49s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8d8f28e25528bfc43bb60c71f3634b09675ee5aeba9b2fb6b270d7802f045779.exe"

Signatures

YTStealer

stealer ytstealer

YTStealer payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Reads user/profile data of web browsers

spyware stealer

Processes

C:\Users\Admin\AppData\Local\Temp\8d8f28e25528bfc43bb60c71f3634b09675ee5aeba9b2fb6b270d7802f045779.exe

"C:\Users\Admin\AppData\Local\Temp\8d8f28e25528bfc43bb60c71f3634b09675ee5aeba9b2fb6b270d7802f045779.exe"

Network

N/A

Files

memory/536-54-0x00000000012C0000-0x00000000020D2000-memory.dmp

memory/536-55-0x00000000012C0000-0x00000000020D2000-memory.dmp

memory/536-56-0x00000000012C0000-0x00000000020D2000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2022-08-30 02:10
Reported: 2022-08-30 02:15
Platform: win10-20220812-en
Max time kernel: 55s
Max time network: 172s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8d8f28e25528bfc43bb60c71f3634b09675ee5aeba9b2fb6b270d7802f045779.exe"

Signatures

YTStealer

stealer ytstealer

YTStealer payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Reads user/profile data of web browsers

spyware stealer
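Both behavioral1 and behavioral2 carry the same "Reads user/profile data of web browsers" signature without listing the files touched. As an added example, not the sandbox's rule and not code from this report, the Python below shows the check that signature encodes: file-access events from a process that is not itself a browser against the profile artefacts a stealer wants, the Chromium-family Login Data, Cookies, Web Data and Local State files and the Firefox cookies.sqlite, logins.json and key4.db. For a family whose name points at YouTube accounts, the cookie stores are the class to watch. The event format (pid|image|operation|path) and the events themselves are constructed for the example; pid 536 and the sample path are borrowed from behavioral1, but the paths read are illustrative, the report does not record them.

```python
import re
from collections import defaultdict

# Profile roots: Chromium-family browsers keep "User Data" under %LOCALAPPDATA%,
# Firefox keeps per-profile directories under %APPDATA%.
CHROMIUM_ROOT = (r"\\(?:Google\\Chrome|Microsoft\\Edge|BraveSoftware\\Brave-Browser|Chromium)"
                 r"\\User Data")
FIREFOX_PROFILE = r"\\Mozilla\\Firefox\\Profiles\\[^\\]+"

# (path pattern, what the artefact holds). Chromium moved Cookies into Network\ in v96.
ARTEFACTS = [
    (re.compile(CHROMIUM_ROOT + r"\\[^\\]+\\Login Data$", re.I),              "saved credentials"),
    (re.compile(CHROMIUM_ROOT + r"\\[^\\]+\\(?:Network\\)?Cookies$", re.I),   "session cookies"),
    (re.compile(CHROMIUM_ROOT + r"\\[^\\]+\\Web Data$", re.I),                "autofill and cards"),
    (re.compile(CHROMIUM_ROOT + r"\\Local State$", re.I),                     "DPAPI-wrapped key"),
    (re.compile(FIREFOX_PROFILE + r"\\cookies\.sqlite$", re.I),               "session cookies"),
    (re.compile(FIREFOX_PROFILE + r"\\logins\.json$", re.I),                  "saved credentials"),
    (re.compile(FIREFOX_PROFILE + r"\\key4\.db$", re.I),                      "password-store key"),
]

# The only processes with a legitimate reason to open these files.
BROWSER_IMAGES = {"chrome.exe", "msedge.exe", "brave.exe", "chromium.exe", "firefox.exe"}
# Stealers usually copy the locked SQLite databases before reading, so CopyFile counts.
READ_OPS = {"CreateFile", "ReadFile", "CopyFile"}

# Constructed event format for this example, not the sandbox's: pid|image|operation|path
EVENT = re.compile(r"^(?P<pid>\d+)\|(?P<image>[^|]+)\|(?P<op>[^|]+)\|(?P<path>.+)$")


def classify_path(path: str):
    """Return the artefact label for a browser profile file, or None for anything else."""
    for pattern, label in ARTEFACTS:
        if pattern.search(path):
            return label
    return None


def browser_profile_reads(lines) -> dict:
    """Suspicious profile reads grouped by process.
    Returns {pid: {"image": ..., "hits": [(label, path), ...]}} for non-browser processes."""
    findings = defaultdict(lambda: {"image": None, "hits": []})
    for line in lines:
        m = EVENT.match(line.strip())
        if not m or m["op"] not in READ_OPS:
            continue
        image_name = m["image"].rsplit("\\", 1)[-1].lower()
        if image_name in BROWSER_IMAGES:
            continue
        label = classify_path(m["path"])
        if label is None:
            continue
        entry = findings[int(m["pid"])]
        entry["image"] = m["image"]
        entry["hits"].append((label, m["path"]))
    return dict(findings)


def ev(pid: int, image: str, op: str, path: str) -> str:
    return f"{pid}|{image}|{op}|{path}"


SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\8d8f28e25528bfc43bb60c71f3634b09675ee5aeba9b2fb6b270d7802f045779.exe"
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
LOCAL = r"C:\Users\Admin\AppData\Local"
ROAMING = r"C:\Users\Admin\AppData\Roaming"

# Constructed events: the sample process reading profile stores, plus benign noise.
SAMPLE_EVENTS = [
    ev(536, SAMPLE, "CreateFile", LOCAL + r"\Google\Chrome\User Data\Local State"),
    ev(536, SAMPLE, "CopyFile", LOCAL + r"\Google\Chrome\User Data\Default\Network\Cookies"),
    ev(536, SAMPLE, "ReadFile", LOCAL + r"\Google\Chrome\User Data\Default\Login Data"),
    ev(536, SAMPLE, "ReadFile", ROAMING + r"\Mozilla\Firefox\Profiles\abcd1234.default-release\cookies.sqlite"),
    ev(536, SAMPLE, "ReadFile", LOCAL + r"\Google\Chrome\User Data\Default\History"),   # not in the list
    ev(1204, CHROME, "ReadFile", LOCAL + r"\Google\Chrome\User Data\Default\Network\Cookies"),  # the browser itself
    ev(2210, r"C:\Windows\System32\notepad.exe", "ReadFile", r"C:\Users\Admin\Documents\notes.txt"),
]


def run_sample() -> dict:
    return browser_profile_reads(SAMPLE_EVENTS)


if __name__ == "__main__":
    for pid, entry in run_sample().items():
        print(pid, entry["image"])
        for label, path in entry["hits"]:
            print("   ", label, "<-", path)
```

The process allow-list is what keeps this quiet on a normal host; a backup agent or sync client that reads the same files will show up and needs its own entry. The History file is left out on purpose: it leaks browsing but not credentials, and adding it would fire on far more legitimate tooling.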

Processes

C:\Users\Admin\AppData\Local\Temp\8d8f28e25528bfc43bb60c71f3634b09675ee5aeba9b2fb6b270d7802f045779.exe

"C:\Users\Admin\AppData\Local\Temp\8d8f28e25528bfc43bb60c71f3634b09675ee5aeba9b2fb6b270d7802f045779.exe"

Network

Files

memory/2508-115-0x0000000000A80000-0x0000000001892000-memory.dmp

memory/2508-116-0x0000000000A80000-0x0000000001892000-memory.dmp

memory/2508-117-0x0000000000A80000-0x0000000001892000-memory.dmp
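Each behavioral run ends with three dumps of a single memory region, and the file names carry the process ID and the address range. The Python below is an added example, not part of the report: it parses those names, collapses repeated dumps of the same range into one region, and compares the regions across the two runs. Both are 0xE12000 bytes (about 14.07 MiB) starting at a 64 KiB-aligned base and differ only in where the loader placed them, which is what two detonations of the same unpacked image look like. The names are copied verbatim from the Files sections of behavioral1 and behavioral2; the 64 KiB allocation granularity and 4 KiB page size are ordinary Windows facts, and the "same size means same image" reading is an analyst's inference, not something the report states.

```python
import re

DUMP_NAME = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)

# File names copied from the behavioral1 and behavioral2 "Files" sections of this report.
REPORT_DUMPS = [
    "memory/536-54-0x00000000012C0000-0x00000000020D2000-memory.dmp",
    "memory/536-55-0x00000000012C0000-0x00000000020D2000-memory.dmp",
    "memory/536-56-0x00000000012C0000-0x00000000020D2000-memory.dmp",
    "memory/2508-115-0x0000000000A80000-0x0000000001892000-memory.dmp",
    "memory/2508-116-0x0000000000A80000-0x0000000001892000-memory.dmp",
    "memory/2508-117-0x0000000000A80000-0x0000000001892000-memory.dmp",
]

ALLOC_GRANULARITY = 0x10000   # VirtualAlloc / image bases are 64 KiB aligned on Windows
PAGE = 0x1000


def parse_dump_name(name: str) -> dict:
    """Split 'memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp' into its parts."""
    m = DUMP_NAME.match(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"empty or inverted range in {name}")
    return {"pid": int(m["pid"]), "seq": int(m["seq"]),
            "start": start, "end": end, "size": end - start}


def summarise_regions(names) -> list:
    """One entry per (pid, range); repeated dumps of the same range are merged."""
    regions = {}
    for name in names:
        d = parse_dump_name(name)
        regions.setdefault((d["pid"], d["start"], d["end"]), []).append(d["seq"])
    out = []
    for (pid, start, end), seqs in regions.items():
        size = end - start
        out.append({
            "pid": pid, "start": start, "end": end, "size": size,
            "size_mib": round(size / 2**20, 2),
            "base_64k_aligned": start % ALLOC_GRANULARITY == 0,
            "size_page_multiple": size % PAGE == 0,
            "dumps": sorted(seqs),
        })
    return out


def consistent_payload(regions) -> bool:
    """True when more than one run dumped a region of exactly the same size:
    the same unpacked image at a different base rather than different payloads."""
    return len(regions) > 1 and len({r["size"] for r in regions}) == 1


if __name__ == "__main__":
    regs = summarise_regions(REPORT_DUMPS)
    for r in regs:
        print(f"pid {r['pid']}: 0x{r['start']:08X}-0x{r['end']:08X} "
              f"{r['size_mib']} MiB, dumps {r['dumps']}")
    print("same image across runs:", consistent_payload(regs))
```

When the on-disk file size is known, compare it with the region size: a UPX stub that is much smaller on disk than the region it unpacks into is the normal picture, and the three dumps of the same range are the ones to carve for the decompressed payload, the later sequence number usually being the most complete.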