General
-
Target
YTbotpro.exe
-
Size
320KB
-
Sample
230129-zq7yxsea7y
-
MD5
5c4577025e266b3e52fe22c4051fb5ad
-
SHA1
1b9dd3a30686c64da035d384306d09e35f2b39c0
-
SHA256
eadfac21e4580ff8425d7b233a46f097710f6b132aaa42cbf7f9b7a7fc174b52
-
SHA512
7747563f58a32c94ec5c70f9e4019a50822a243144d0e71888321c867553341970231d09a658b0d509535fd01fb895b96fb5db2c1007d7b00ed9326e15fd70dd
-
SSDEEP
6144:Cm/Q1Q5Ng68j/svmHC40+XIzFUygWK0tWrcBOvD:Cm/Q6P8j/svm1TXI5tZB
Behavioral task
behavioral1
Sample
YTbotpro.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
-
-
Target
YTbotpro.exe
-
Size
320KB
-
MD5
5c4577025e266b3e52fe22c4051fb5ad
-
SHA1
1b9dd3a30686c64da035d384306d09e35f2b39c0
-
SHA256
eadfac21e4580ff8425d7b233a46f097710f6b132aaa42cbf7f9b7a7fc174b52
-
SHA512
7747563f58a32c94ec5c70f9e4019a50822a243144d0e71888321c867553341970231d09a658b0d509535fd01fb895b96fb5db2c1007d7b00ed9326e15fd70dd
-
SSDEEP
6144:Cm/Q1Q5Ng68j/svmHC40+XIzFUygWK0tWrcBOvD:Cm/Q6P8j/svm1TXI5tZB
Score10/10-
StormKitty payload
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-