Analysis

  • max time kernel
    44s
  • max time network
    50s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
  • submitted
    15-09-2022 03:35

General

  • Target

    dd7f8279647853a150bd3ee08925d4c079de2acb210db8dec09a1fad53248a1c.exe

  • Size

    4.0MB

  • MD5

    148e1ad6541bab2335689bcdbf1f1c90

  • SHA1

    373d281dbe13538bebb3abf728f9e8530f1e3de1

  • SHA256

    dd7f8279647853a150bd3ee08925d4c079de2acb210db8dec09a1fad53248a1c

  • SHA512

    fb4aca6054b7a334831e3c17e60709de73ee081c006daf81945bdc0219c8b22c1871f4ad1185fd1fa141ca482a891ee5aab5405eb8def4b2f88c53b02ed03207

  • SSDEEP

    98304:2emOBBB+kSDxxOMp8AtZhhM1eirpfvXAWxDD3g/vq2qoDMkN:22BBD6OMptZhhMZtfvXbxDD3MLqBk

Malware Config

Signatures

  • YTStealer

    YTStealer is a malware designed to steal YouTube authentication cookies.

  • YTStealer payload 2 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dd7f8279647853a150bd3ee08925d4c079de2acb210db8dec09a1fad53248a1c.exe
    "C:\Users\Admin\AppData\Local\Temp\dd7f8279647853a150bd3ee08925d4c079de2acb210db8dec09a1fad53248a1c.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1696
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /C choice /C Y /N /D Y /T 0 &Del C:\Users\Admin\AppData\Local\Temp\dd7f8279647853a150bd3ee08925d4c079de2acb210db8dec09a1fad53248a1c.exe
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1896
      • C:\Windows\system32\choice.exe
        choice /C Y /N /D Y /T 0
        3⤵
        PID:2044

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/1696-54-0x0000000000C60000-0x0000000001A38000-memory.dmp

    Filesize

    13.8MB

  • memory/1696-57-0x0000000000C60000-0x0000000001A38000-memory.dmp

    Filesize

    13.8MB