ytstealer | 6d5320cd6e4cfc208f6703fff254b6f1363e1afdf7d8e77155549a674fa3a263

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02-09-2022 13:26

Target

6d5320cd6e4cfc208f6703fff254b6f1363e1afdf7d8e77155549a674fa3a263.exe
Size

4.0MB
MD5

96ec3efa9bd454550b615df142b08295
SHA1

4a8a6d3a8d94f02194822c2066e11800a518c8d6
SHA256

6d5320cd6e4cfc208f6703fff254b6f1363e1afdf7d8e77155549a674fa3a263
SHA512

8e3945604e8992d3630ae716e09d3a9a3052a2ddbccf15bcaac9b636a0a49879552cbd58f299ddc6b4dd7e8b6e915c29b35bfc3a0a3f449c41f7caae776c0b6b
SSDEEP

98304:nKxZWSv8fBG6l/mNu13T3Gf4fN11cB50kd3SaNkG:cwNbuNii8D1c8

Score

10^/10

YTStealer
YTStealer is a malware designed to steal YouTube authentication cookies.
stealer ytstealer

YTStealer payload 3 IoCs

Processes:

resource	yara_rule
behavioral1/memory/400-132-0x0000000000B00000-0x0000000001914000-memory.dmp	family_ytstealer
behavioral1/memory/400-133-0x0000000000B00000-0x0000000001914000-memory.dmp	family_ytstealer
behavioral1/memory/400-134-0x0000000000B00000-0x0000000001914000-memory.dmp	family_ytstealer

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral1/memory/400-132-0x0000000000B00000-0x0000000001914000-memory.dmp	upx
behavioral1/memory/400-133-0x0000000000B00000-0x0000000001914000-memory.dmp	upx
behavioral1/memory/400-134-0x0000000000B00000-0x0000000001914000-memory.dmp	upx

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

C:\Users\Admin\AppData\Local\Temp\6d5320cd6e4cfc208f6703fff254b6f1363e1afdf7d8e77155549a674fa3a263.exe
"C:\Users\Admin\AppData\Local\Temp\6d5320cd6e4cfc208f6703fff254b6f1363e1afdf7d8e77155549a674fa3a263.exe"
1⤵
PID:400

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

memory/400-132-0x0000000000B00000-0x0000000001914000-memory.dmp

Filesize
14.1MB

Download
memory/400-133-0x0000000000B00000-0x0000000001914000-memory.dmp

Filesize
14.1MB

Download
memory/400-134-0x0000000000B00000-0x0000000001914000-memory.dmp

Filesize
14.1MB

Download