Analysis
-
max time kernel
280s -
max time network
298s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
30-08-2022 10:15
General
-
Target
d3fa926696d5424a060fb585524efb316604afae1cb7ffc0384f9aca1614819c.exe
-
Size
4.0MB
-
MD5
f388971a3bc469307e70aa9e0e47ad7c
-
SHA1
a23215c991ac2dff71615cfabdceb90eaee548e7
-
SHA256
d3fa926696d5424a060fb585524efb316604afae1cb7ffc0384f9aca1614819c
-
SHA512
7dadcb45ebc902dad54320b51341c306026ad168b80964343fa400752454b2f629a7c5277f0e57196595a4cc67c383b3714e094af355916d43aebd84277cfdd4
-
SSDEEP
49152:SRdqsF4nRqTgHMAQlhNF+28bqmfLL2GADu5/QGvD2+o9VJ38TO0N5lQJYqGKUVZC:yr2Rq8M4+DfzRs1lCGKUVZ92XSWx
Score
10/10
Malware Config
Signatures
-
YTStealer
YTStealer is a malware designed to steal YouTube authentication cookies.
-
YTStealer payload 2 IoCs
-
UPX packed file 2 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
Processes
-
C:\Users\Admin\AppData\Local\Temp\d3fa926696d5424a060fb585524efb316604afae1cb7ffc0384f9aca1614819c.exe"C:\Users\Admin\AppData\Local\Temp\d3fa926696d5424a060fb585524efb316604afae1cb7ffc0384f9aca1614819c.exe"1⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1280-54-0x0000000000D70000-0x0000000001B84000-memory.dmpFilesize
14.1MB
-
memory/1280-55-0x0000000000D70000-0x0000000001B84000-memory.dmpFilesize
14.1MB