General
-
Target
YTDownloader_Win_x64.exe
-
Size
113.6MB
-
Sample
240610-wsla6awbkq
-
MD5
fc0dfc8aedebb7c84d582e7ff11489d3
-
SHA1
28c7d2e383773e7a9f9a8254ef10c7f4cbcd1f4d
-
SHA256
c979b6fa8af642f50d3c561e02fb96bfb8b72459a0ef739dc8c7acd115022da4
-
SHA512
fc7a0319b157067bf0e1d5c4f9c15ca5f36035a33a5b89723af6b8bb4ee7665b9bd76ad5fc59ef9b87b340eff7d20393e65b923196632c8a071d6051bbb84ab3
-
SSDEEP
3145728:whe4c0nqm1HZKTmt70dO9F77JqU+/svdpVfKhaXauBYq:v4c0nzt70Qj7Jn+/ydpVChaXauBH
Behavioral task
behavioral1
Sample
YTDownloader_Win_x64.exe
Resource
win10-20240404-en
Behavioral task
behavioral2
Sample
YTDownloader_Win_x64.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
YTDownloader_Win_x64.exe
Resource
win11-20240508-en
Malware Config
Targets
-
Target
YTDownloader_Win_x64.exe
-
Score
9/10
-
Renames multiple (791) files with added filename extension
This suggests ransomware activity: encrypting all the files on the system.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-