c979b6fa8af642f50d3c561e02fb96bfb8b72459a0ef739dc8c7acd115022da4 | Triage

Submit
Reports

Overview

overview

9

Static

static

7

YTDownload...64.exe

windows10-1703-x64

9

YTDownload...64.exe

windows10-2004-x64

9

YTDownload...64.exe

windows11-21h2-x64

9

Resubmissions

10-06-2024 18:27

240610-w37l5swbqa 9

10-06-2024 18:16

240610-wwrmcawcnn 7

10-06-2024 18:11

240610-wsla6awbkq 9

Sharing

General

Target

YTDownloader_Win_x64.exe
Size

113.6MB
Sample

240610-w37l5swbqa
MD5

fc0dfc8aedebb7c84d582e7ff11489d3
SHA1

28c7d2e383773e7a9f9a8254ef10c7f4cbcd1f4d
SHA256

c979b6fa8af642f50d3c561e02fb96bfb8b72459a0ef739dc8c7acd115022da4
SHA512

fc7a0319b157067bf0e1d5c4f9c15ca5f36035a33a5b89723af6b8bb4ee7665b9bd76ad5fc59ef9b87b340eff7d20393e65b923196632c8a071d6051bbb84ab3
SSDEEP

3145728:whe4c0nqm1HZKTmt70dO9F77JqU+/svdpVfKhaXauBYq:v4c0nzt70Qj7Jn+/ydpVChaXauBH

Score

9^/10

discovery ransomware upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

YTDownloader_Win_x64.exe

Resource

win10-20240404-en

discovery ransomware upx

windows10-1703-x64

11 signatures

300 seconds

Behavioral task

behavioral2

Sample

YTDownloader_Win_x64.exe

Resource

win10v2004-20240426-en

discovery ransomware upx

windows10-2004-x64

9 signatures

300 seconds

Behavioral task

behavioral3

Sample

YTDownloader_Win_x64.exe

Resource

win11-20240426-en

discovery ransomware upx

windows11-21h2-x64

11 signatures

300 seconds

Malware Config

Targets

- Target
  
  YTDownloader_Win_x64.exe
- Size
  
  113.6MB
- MD5
  
  fc0dfc8aedebb7c84d582e7ff11489d3
- SHA1
  
  28c7d2e383773e7a9f9a8254ef10c7f4cbcd1f4d
- SHA256
  
  c979b6fa8af642f50d3c561e02fb96bfb8b72459a0ef739dc8c7acd115022da4
- SHA512
  
  fc7a0319b157067bf0e1d5c4f9c15ca5f36035a33a5b89723af6b8bb4ee7665b9bd76ad5fc59ef9b87b340eff7d20393e65b923196632c8a071d6051bbb84ab3
- SSDEEP
  
  3145728:whe4c0nqm1HZKTmt70dO9F77JqU+/svdpVfKhaXauBYq:v4c0nzt70Qj7Jn+/ydpVChaXauBH
Score

9^/10

discovery ransomware upx
- Renames multiple (791) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Process Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

discoveryransomwareupx

behavioral2

discoveryransomwareupx

behavioral3

discoveryransomwareupx

© 2018-2024

Terms | Privacy