Analysis
-
max time kernel
52s -
max time network
177s -
platform
windows10-1703_x64 -
resource
win10-20220812-en -
resource tags
-
submitted
30-08-2022 02:11
General
-
Target
9674f05d8a78c40b54eab42152dacd164bee214f0a27fc0aff4edae03c6c7468.exe
-
Size
4.0MB
-
MD5
177e6f924bf10adf7763b32bb76bf1e9
-
SHA1
e0c650a22b13ac883cb97fa28ca1a517764bbec6
-
SHA256
9674f05d8a78c40b54eab42152dacd164bee214f0a27fc0aff4edae03c6c7468
-
SHA512
caba605fa6d0addfb104828146fcb5ab4114dac27aa68ca3361b9c35002c5503d668a7fe0d2e8126ed11c5a530d4835896499de0f78e8f91ecd8a3b84ff4ae88
-
SSDEEP
98304:DpTua8itN8c0QzdqiA3VMW5xvdEtovFz48yeIKgc/dv+Zqhcn/:P89QzdLA3TzWtov6B6v+
Score
10/10
Malware Config
Signatures
-
YTStealer
YTStealer is a malware designed to steal YouTube authentication cookies.
-
YTStealer payload 3 IoCs
-
UPX packed file 3 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
Processes
-
C:\Users\Admin\AppData\Local\Temp\9674f05d8a78c40b54eab42152dacd164bee214f0a27fc0aff4edae03c6c7468.exe"C:\Users\Admin\AppData\Local\Temp\9674f05d8a78c40b54eab42152dacd164bee214f0a27fc0aff4edae03c6c7468.exe"1⤵
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2696-119-0x0000000000E40000-0x0000000001C52000-memory.dmpFilesize
14.1MB
-
memory/2696-120-0x0000000000E40000-0x0000000001C52000-memory.dmpFilesize
14.1MB
-
memory/2696-121-0x0000000000E40000-0x0000000001C52000-memory.dmpFilesize
14.1MB