ytstealer | 97a20e483ae9a8910fb9c71b89fd2245c32dca6cb140ff4924396749e871d6ed

Analysis

max time kernel
53s
max time network
181s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
05-09-2022 22:18

Target

97a20e483ae9a8910fb9c71b89fd2245c32dca6cb140ff4924396749e871d6ed.exe
Size

4.3MB
MD5

4462c84266c4ebda3a424e5716966c5d
SHA1

6eadce32021d4458c0c9aa1ed495386341cc8300
SHA256

97a20e483ae9a8910fb9c71b89fd2245c32dca6cb140ff4924396749e871d6ed
SHA512

aa9d40f1c2fd04f25422b8834ae68ac33a99fb412603dc0859adbfbe848f6d58278435062413ab650d63cddc6a722ce9d3ced846127174f5af64433f8133f384
SSDEEP

98304:u0CcBwzdfo032ZiBW3f9yl7GdiwkZ9SYDA5AhXhxqQPU5Tmn:uywJ1Faf9iKs1bSYDq6hwwYKn

Score

10^/10

YTStealer
YTStealer is a malware designed to steal YouTube authentication cookies.
stealer ytstealer

YTStealer payload 3 IoCs

Processes:

resource	yara_rule
behavioral2/memory/2696-119-0x0000000000A40000-0x000000000185B000-memory.dmp	family_ytstealer
behavioral2/memory/2696-120-0x0000000000A40000-0x000000000185B000-memory.dmp	family_ytstealer
behavioral2/memory/2696-121-0x0000000000A40000-0x000000000185B000-memory.dmp	family_ytstealer

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral2/memory/2696-119-0x0000000000A40000-0x000000000185B000-memory.dmp	upx
behavioral2/memory/2696-120-0x0000000000A40000-0x000000000185B000-memory.dmp	upx
behavioral2/memory/2696-121-0x0000000000A40000-0x000000000185B000-memory.dmp	upx

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

C:\Users\Admin\AppData\Local\Temp\97a20e483ae9a8910fb9c71b89fd2245c32dca6cb140ff4924396749e871d6ed.exe
"C:\Users\Admin\AppData\Local\Temp\97a20e483ae9a8910fb9c71b89fd2245c32dca6cb140ff4924396749e871d6ed.exe"
1⤵
PID:2696

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

memory/2696-119-0x0000000000A40000-0x000000000185B000-memory.dmp

Filesize
14.1MB

Download
memory/2696-120-0x0000000000A40000-0x000000000185B000-memory.dmp

Filesize
14.1MB

Download
memory/2696-121-0x0000000000A40000-0x000000000185B000-memory.dmp

Filesize
14.1MB

Download