ytstealer | e3e73f85c8047b8e8ab35856bc3abb66a49190006efea50b5d858f992b61f011

Analysis

max time kernel
250s
max time network
261s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
31-08-2022 22:15

Target

e3e73f85c8047b8e8ab35856bc3abb66a49190006efea50b5d858f992b61f011.exe
Size

4.0MB
MD5

a4e66d9c2001a53f8130f5e6c1c822a2
SHA1

542e2b976f5311ff82c5690d0b6209458d79007d
SHA256

e3e73f85c8047b8e8ab35856bc3abb66a49190006efea50b5d858f992b61f011
SHA512

bdabe188bac92c4d3d01b95c4c22f0d55754eff039c44f59ca467ce999ccd9ed31a1c836d7aad1bcab8ff0722537fb55634fdcd550c70eef5b4784b3fb3da15e
SSDEEP

49152:RiVYNDzeZ0Ab2LNMpqGQgPwJr7+2AzUsgo52ngn0qNctqROzQYVXlYUZ3qN6SoNq:RaYNH322Kpq8bco8gn9GqszQyVyNvAw

Score

10^/10

YTStealer
YTStealer is a malware designed to steal YouTube authentication cookies.
stealer ytstealer

YTStealer payload 3 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2044-54-0x0000000000060000-0x0000000000E74000-memory.dmp	family_ytstealer
behavioral1/memory/2044-55-0x0000000000060000-0x0000000000E74000-memory.dmp	family_ytstealer
behavioral1/memory/2044-56-0x0000000000060000-0x0000000000E74000-memory.dmp	family_ytstealer

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral1/memory/2044-54-0x0000000000060000-0x0000000000E74000-memory.dmp	upx
behavioral1/memory/2044-55-0x0000000000060000-0x0000000000E74000-memory.dmp	upx
behavioral1/memory/2044-56-0x0000000000060000-0x0000000000E74000-memory.dmp	upx

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

C:\Users\Admin\AppData\Local\Temp\e3e73f85c8047b8e8ab35856bc3abb66a49190006efea50b5d858f992b61f011.exe
"C:\Users\Admin\AppData\Local\Temp\e3e73f85c8047b8e8ab35856bc3abb66a49190006efea50b5d858f992b61f011.exe"
1⤵
PID:2044

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

memory/2044-54-0x0000000000060000-0x0000000000E74000-memory.dmp

Filesize
14.1MB

Download
memory/2044-55-0x0000000000060000-0x0000000000E74000-memory.dmp

Filesize
14.1MB

Download
memory/2044-56-0x0000000000060000-0x0000000000E74000-memory.dmp

Filesize
14.1MB

Download