ytstealer | d3fa926696d5424a060fb585524efb316604afae1cb7ffc0384f9aca1614819c

Analysis

max time kernel
144s
max time network
182s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
30-08-2022 10:15

Target

d3fa926696d5424a060fb585524efb316604afae1cb7ffc0384f9aca1614819c.exe
Size

4.0MB
MD5

f388971a3bc469307e70aa9e0e47ad7c
SHA1

a23215c991ac2dff71615cfabdceb90eaee548e7
SHA256

d3fa926696d5424a060fb585524efb316604afae1cb7ffc0384f9aca1614819c
SHA512

7dadcb45ebc902dad54320b51341c306026ad168b80964343fa400752454b2f629a7c5277f0e57196595a4cc67c383b3714e094af355916d43aebd84277cfdd4
SSDEEP

49152:SRdqsF4nRqTgHMAQlhNF+28bqmfLL2GADu5/QGvD2+o9VJ38TO0N5lQJYqGKUVZC:yr2Rq8M4+DfzRs1lCGKUVZ92XSWx

Score

10^/10

YTStealer
YTStealer is a malware designed to steal YouTube authentication cookies.
stealer ytstealer

YTStealer payload 3 IoCs

Processes:

resource	yara_rule
behavioral2/memory/2796-115-0x0000000000380000-0x0000000001194000-memory.dmp	family_ytstealer
behavioral2/memory/2796-116-0x0000000000380000-0x0000000001194000-memory.dmp	family_ytstealer
behavioral2/memory/2796-117-0x0000000000380000-0x0000000001194000-memory.dmp	family_ytstealer

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral2/memory/2796-115-0x0000000000380000-0x0000000001194000-memory.dmp	upx
behavioral2/memory/2796-116-0x0000000000380000-0x0000000001194000-memory.dmp	upx
behavioral2/memory/2796-117-0x0000000000380000-0x0000000001194000-memory.dmp	upx

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

C:\Users\Admin\AppData\Local\Temp\d3fa926696d5424a060fb585524efb316604afae1cb7ffc0384f9aca1614819c.exe
"C:\Users\Admin\AppData\Local\Temp\d3fa926696d5424a060fb585524efb316604afae1cb7ffc0384f9aca1614819c.exe"
1⤵
PID:2796

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

memory/2796-115-0x0000000000380000-0x0000000001194000-memory.dmp

Filesize
14.1MB

Download
memory/2796-116-0x0000000000380000-0x0000000001194000-memory.dmp

Filesize
14.1MB

Download
memory/2796-117-0x0000000000380000-0x0000000001194000-memory.dmp

Filesize
14.1MB

Download