ytstealer | bd541cea6c9162659014e284f175bab6caf5eb2ef46e25c071920d6ce677e2fb

Analysis

max time kernel
56s
max time network
183s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
15-09-2022 03:34

Target

bd541cea6c9162659014e284f175bab6caf5eb2ef46e25c071920d6ce677e2fb.exe
Size

4.0MB
MD5

a84e78bc369cf54991fcfe4aa01fe8f8
SHA1

9c36f08370b56800fa3c5e2e8ae64fce458d9e9d
SHA256

bd541cea6c9162659014e284f175bab6caf5eb2ef46e25c071920d6ce677e2fb
SHA512

ab93b206d31c7f7ff9a7a1143c30a966de24285c3555ece34fee5c420506e15e1c9692d3a3f2d97f2195c365e8538c9c52f9a525477d25d7ba0793c35a11ce63
SSDEEP

98304:LB50BY64n1nr+oVLXTGLAODr+yfVAKG6enTSbbeRS2K:L+I1r+eLXypDr+ytAfnubPf

Score

10^/10

YTStealer
YTStealer is a malware designed to steal YouTube authentication cookies.
stealer ytstealer

YTStealer payload 3 IoCs

Processes:

resource	yara_rule
behavioral2/memory/1324-115-0x0000000001150000-0x0000000001F62000-memory.dmp	family_ytstealer
behavioral2/memory/1324-116-0x0000000001150000-0x0000000001F62000-memory.dmp	family_ytstealer
behavioral2/memory/1324-117-0x0000000001150000-0x0000000001F62000-memory.dmp	family_ytstealer

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral2/memory/1324-115-0x0000000001150000-0x0000000001F62000-memory.dmp	upx
behavioral2/memory/1324-116-0x0000000001150000-0x0000000001F62000-memory.dmp	upx
behavioral2/memory/1324-117-0x0000000001150000-0x0000000001F62000-memory.dmp	upx

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

C:\Users\Admin\AppData\Local\Temp\bd541cea6c9162659014e284f175bab6caf5eb2ef46e25c071920d6ce677e2fb.exe
"C:\Users\Admin\AppData\Local\Temp\bd541cea6c9162659014e284f175bab6caf5eb2ef46e25c071920d6ce677e2fb.exe"
1⤵
PID:1324

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

memory/1324-115-0x0000000001150000-0x0000000001F62000-memory.dmp

Filesize
14.1MB

Download
memory/1324-116-0x0000000001150000-0x0000000001F62000-memory.dmp

Filesize
14.1MB

Download
memory/1324-117-0x0000000001150000-0x0000000001F62000-memory.dmp

Filesize
14.1MB

Download