ytstealer | 3595487037dcf807ce3a99232518787290b0a37e56eb63ee62901929b9974277

Analysis

max time kernel
95s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
31-08-2022 09:00

Target

a7bceb417fbb8c136261f3b195d6d7ee.exe
Size

4.0MB
MD5

a7bceb417fbb8c136261f3b195d6d7ee
SHA1

82f78abd9ffd6298e599e05826cc2ec237758a9c
SHA256

3595487037dcf807ce3a99232518787290b0a37e56eb63ee62901929b9974277
SHA512

a5ea37145dbd81bc117b527fba56c68d2b7ef4f5f0d1b965cb2525019794403402733a22bf533dbbf6efe58ca0afc9f433c27464dda42d576daa06b6f707a3e5
SSDEEP

98304:abHZ1MFWV8qtEJlzQ1fv7ltH2HhcPxthrWyKKbCg:gzM0VTt41Qhz2EvhrWyKKbR

Score

10^/10

YTStealer
YTStealer is a malware designed to steal YouTube authentication cookies.
stealer ytstealer

YTStealer payload 3 IoCs

Processes:

resource	yara_rule
behavioral2/memory/4448-132-0x00000000008C0000-0x00000000016D4000-memory.dmp	family_ytstealer
behavioral2/memory/4448-133-0x00000000008C0000-0x00000000016D4000-memory.dmp	family_ytstealer
behavioral2/memory/4448-134-0x00000000008C0000-0x00000000016D4000-memory.dmp	family_ytstealer

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral2/memory/4448-132-0x00000000008C0000-0x00000000016D4000-memory.dmp	upx
behavioral2/memory/4448-133-0x00000000008C0000-0x00000000016D4000-memory.dmp	upx
behavioral2/memory/4448-134-0x00000000008C0000-0x00000000016D4000-memory.dmp	upx

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

C:\Users\Admin\AppData\Local\Temp\a7bceb417fbb8c136261f3b195d6d7ee.exe
"C:\Users\Admin\AppData\Local\Temp\a7bceb417fbb8c136261f3b195d6d7ee.exe"
1⤵
PID:4448

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

memory/4448-132-0x00000000008C0000-0x00000000016D4000-memory.dmp

Filesize
14.1MB

Download
memory/4448-133-0x00000000008C0000-0x00000000016D4000-memory.dmp

Filesize
14.1MB

Download
memory/4448-134-0x00000000008C0000-0x00000000016D4000-memory.dmp

Filesize
14.1MB

Download