General

  • Target

    Flvto Youtube Downloader 1.3.9.40.zip

  • Size

    13.2MB

  • Sample

    221003-qznrzahfc6

  • MD5

    4620ee80ba7f6fe5d80d705113c4c01f

  • SHA1

    508572eaab020bd9c726318506e6dfa65dc92efe

  • SHA256

    f0a3dff2c1db13cec8e4ec0f87ef25f1f5c4058085a22456725716d40c07170f

  • SHA512

    02fb7f523cc6294e6a4f9aad87241ce877cbe7fd64c5740baec6438036d58c6d0d5841a67bb28a9813f6deeabfc05aa9b2c3492acd095035a42bc6654644746c

  • SSDEEP

    393216:vWNjnZgl3+KcC0GKJ8C0KKrj47Daw4993:+NjnZu3RD0GKwQ7Da/993

Malware Config

Targets

    • Target

      Flvto Youtube Downloader 1.3.9.40 [FileCR]/Crk/Flvto.Logic.dll

    • Size

      47KB

    • MD5

      620beec8545e4e77f552bc3d4c0f3375

    • SHA1

      5bde994988f720837748f99d4e28069fac797c2e

    • SHA256

      779ce2a3c17415361050604992c79fa09188305d1f63bcd26fe4f8fc3be5fb1f

    • SHA512

      c607e28bc8aeb403f5840c9c6cd17d465d739cc2ed88a1e2a4f5cbb37f6408a3770a0ae0fd3406f4edddb675f2446cdbf8ad94254e9ba8c939bb219c60f1ca84

    • SSDEEP

      768:ppskMk/8kcrvSva47sAeTniu7csPn553V29hpZu+eIdLgiM4bH5j8R4sPJnB/:HCnNjma47lannckBV21k+5dcIVj8R4sf

    • Score

      1/10

    • Target

      Flvto Youtube Downloader 1.3.9.40 [FileCR]/Flvto Youtube Downloader 1.3.9.40.exe

    • Size

      13.2MB

    • MD5

      345f5f888522011c0854b8ad837fef7c

    • SHA1

      19414ea02fa39db028e149a0908830eca083d5c8

    • SHA256

      e31dcaed8915e878b6a7f8c90decb2180cf6e128d7145d446cfe9c6c14ccb82b

    • SHA512

      be723f36019750ebe48abc6e1a974273313f9466a135e474262027e737b33caa385e4b1bed45778f97fb6df697c89586a87183de19eb9d6b71e44099a9f3e7c7

    • SSDEEP

      393216:eZEZpam/Y6ks8YyyMiuHxegYCzzWsaCcH9VL:e0amgjsef5HMzYWdBdVL

    • Downloads MZ/PE file

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Registers COM server for autorun

    • Sets service image path in registry

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution to or away from particular regions.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials and similar secrets.

    • Windows security modification

    • Adds Run key to start application

    • Checks for any installed AV software in registry

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

    Tactic              Technique                              ID       Count
    Persistence         Registry Run Keys / Startup Folder     T1060    3
    Persistence         Bootkit                                T1067    1
    Defense Evasion     Modify Registry                        T1112    5
    Defense Evasion     Disabling Security Tools               T1089    1
    Defense Evasion     Install Root Certificate               T1130    1
    Credential Access   Credentials in Files                   T1081    1
    Discovery           Query Registry                         T1012    6
    Discovery           System Information Discovery           T1082    6
    Discovery           Security Software Discovery            T1063    1
    Discovery           Peripheral Device Discovery            T1120    2
    Collection          Data from Local System                 T1005    1

    Count is the number of matched signatures the report attributes to each technique. The IDs are ATT&CK v6; in current ATT&CK several of them have been retired or folded into sub-techniques (T1060 → T1547.001, T1067 → T1542.003, T1089 → T1562.001, T1130 → T1553.004, T1081 → T1552.001, T1063 → T1518.001), so map them before correlating with newer reports.
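The registry-based signatures listed under the installer target, and the per-technique counts in the matrix above, can be reproduced from endpoint telemetry so that a hit in the sandbox can be hunted for on real hosts. The following is an added example by the editor, not code from the sandbox report or from the Flvto project: it classifies registry events, constructed here in the shape of Sysmon Event ID 12/13 (RegistryEvent) records, against the behaviours the report names and rolls them up into ATT&CK v6 counts. The key paths each rule matches, the process names and key names in the sample events, and the technique each signature is counted under are all the editor's assumptions; the report names only the signature, not the key it fired on. Treat each hit as a pivot for investigation rather than a verdict, since a Run key, a service ImagePath or a driver drop is also ordinary installer behaviour.

```python
"""Map registry events to the sandbox signatures and ATT&CK v6 IDs above.

Added example, not part of the sandbox report. The key paths below are
assumptions about what each signature matches; the report names only the
signature, not the key it fired on. Events are constructed to resemble
Sysmon Event ID 12/13 (RegistryEvent) records.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class RegEvent:
    process: str  # image name of the process touching the key
    op: str       # "read" (query value) or "write" (create key / set value)
    path: str     # full registry path, HKLM/HKU-style as Sysmon logs it


# (signature name from the report, ATT&CK v6 ID, required op, path regex).
# The paths are assumed triggers; the Nation value and the Uninstall key are
# the only ones the report itself alludes to.
RULES = [
    ("Adds Run key to start application", "T1060", "write",
     r"\\CurrentVersion\\Run(?:Once)?\\[^\\]+$"),
    ("Registers COM server for autorun", "T1060", "write",
     r"\\Classes\\CLSID\\\{[0-9A-F-]+\}\\InprocServer32"),
    ("Sets service image path in registry", "T1112", "write",
     r"\\Services\\[^\\]+\\ImagePath$"),
    ("Checks computer location settings", "T1012", "read",
     r"\\Control Panel\\International\\Geo\\Nation$"),
    ("Checks for any installed AV software in registry", "T1063", "read",
     r"\\Microsoft\\Security Center\\"),
    ("Checks installed software on the system", "T1012", "read",
     r"\\CurrentVersion\\Uninstall\\"),
]
COMPILED = [(sig, ttp, op, re.compile(pat, re.IGNORECASE))
            for sig, ttp, op, pat in RULES]


def match_events(events):
    """Return (signature, technique, process, path) for every rule an event trips.

    The op check matters: merely reading the Run key (msconfig, autoruns, an
    AV scan) is discovery, not persistence, so only a write counts for T1060.
    """
    hits = []
    for ev in events:
        for sig, ttp, op, rx in COMPILED:
            if ev.op == op and rx.search(ev.path):
                hits.append((sig, ttp, ev.process, ev.path))
    return hits


def technique_counts(hits):
    """Collapse hits into the per-technique count the matrix section shows."""
    counts = {}
    for _, ttp, _, _ in hits:
        counts[ttp] = counts.get(ttp, 0) + 1
    return counts


# Constructed sample telemetry; SID, key and value names are illustrative only.
SAMPLE = "Flvto Youtube Downloader 1.3.9.40.exe"
SAMPLE_EVENTS = [
    RegEvent(SAMPLE, "write",
             r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\FlvtoUpdate"),
    RegEvent(SAMPLE, "write",
             r"HKU\S-1-5-21-1\Software\Classes\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32\(Default)"),
    RegEvent(SAMPLE, "write",
             r"HKLM\System\CurrentControlSet\Services\flvtodrv\ImagePath"),
    RegEvent(SAMPLE, "read",
             r"HKU\S-1-5-21-1\Control Panel\International\Geo\Nation"),
    RegEvent(SAMPLE, "read",
             r"HKLM\SOFTWARE\Microsoft\Security Center\Provider\Av"),
    RegEvent(SAMPLE, "read",
             r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExampleApp\DisplayName"),
    # Benign noise that must not fire: an OS version lookup, and a read of Run.
    RegEvent(SAMPLE, "read",
             r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName"),
    RegEvent("msconfig.exe", "read",
             r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater"),
]


if __name__ == "__main__":
    found = match_events(SAMPLE_EVENTS)
    for sig, ttp, proc, path in found:
        print(f"{ttp}  {sig}: {proc} -> {path}")
    print(technique_counts(found))
```

On the constructed events the six signature-bearing records match and the two noise records do not, giving T1060 twice, T1012 twice, and T1112 and T1063 once each. To use it on real data, feed it RegEvent records built from Sysmon's TargetObject and EventType fields (SetValue and CreateKey as "write", everything else as "read") and compare the resulting counts with the matrix above.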

Tasks