General
Target: YT Tools v3.8.rar
Size: 272.4MB
Sample: 240316-e8fl6scb2s
MD5: 2d0e61ac1ab014a5ea1da333370a9ccc
SHA1: c23988ea432f83bc098f37ccf67068bb91157c68
SHA256: 8d18fe99fa89a0e433dc5bb2a714f9ad8585508bd951de48e8c407321e19b63d
SHA512: e4749399a4bf3590cd0ac7b139ea2d2014779fe1ba7f5b85a9ddd9904a4db264c379acf4fe661b953c6972b15ee00f45f57574609667090d19586ae66236c409
SSDEEP: 6291456:HsX0d3HUosm001aSlfMZqJzCYEIastSoc7sykPvtJ:HskdkN0fSqRE5ylc7DkNJ
Static task: static1
Behavioral task: behavioral1
Sample: YT Tools v3.8.rar
Resource: win10v2004-20240226-en
Malware Config
Targets
Score: 10/10
Signatures:
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- PureLog Stealer payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger