20b8bed3b85f278579ae5eecb833667ca84f8b5fe8a457d29b2e9f288ac5ea4e

Sharing

Copy URL

Twitter E-mail

General

Target

YT Saver 8.0.0 - HaxPC.net.rar
Size

128.7MB
Sample

240807-gjrdgswdkd
MD5

99913157faffc9bf7a89d0733d759c80
SHA1

b0716709a9ca8b94171837a1a66919996eea9e01
SHA256

20b8bed3b85f278579ae5eecb833667ca84f8b5fe8a457d29b2e9f288ac5ea4e
SHA512

a4882c85541dee1444de718b0d4a9df7acffed69bc864e9172a03a28ada26e71d733ffe8a0afa6d38bdb65d848f75f0ac4c291517b90fecb6454699649be409d
SSDEEP

3145728:8qQiBxgw+mTCO+JE6R/Vt9b9bYdI3vXFajIdBumkNA:8qfx3TcJEOLUI/Xoj6QA

Score

5^/10

discovery

Malware Config

Targets

- Target
  
  YT Saver 8.0.0 - HaxPC.net.rar
- Size
  
  128.7MB
- MD5
  
  99913157faffc9bf7a89d0733d759c80
- SHA1
  
  b0716709a9ca8b94171837a1a66919996eea9e01
- SHA256
  
  20b8bed3b85f278579ae5eecb833667ca84f8b5fe8a457d29b2e9f288ac5ea4e
- SHA512
  
  a4882c85541dee1444de718b0d4a9df7acffed69bc864e9172a03a28ada26e71d733ffe8a0afa6d38bdb65d848f75f0ac4c291517b90fecb6454699649be409d
- SSDEEP
  
  3145728:8qQiBxgw+mTCO+JE6R/Vt9b9bYdI3vXFajIdBumkNA:8qfx3TcJEOLUI/Xoj6QA
Score

3^/10
behavioral1
- Target
  
  Setup.exe
- Size
  
  125.8MB
- MD5
  
  19a5d56ca69da4d8d28a03a829ab79ee
- SHA1
  
  594f2d1f89f37eac0c6ae26b4e41b4a6cbf1b0ad
- SHA256
  
  e267a5db451e9854f3923365445ae472ce9fad00d374f3906202002f7088b32b
- SHA512
  
  e20330a38f807cf4dc7006c49d53a19b432958887bd2611c321bddfa8944c19efea243be0a228727f8024f092c6a8f372a6cb52238d1ddd27789018494d916d0
- SSDEEP
  
  3145728:PQiBxgw+mTCO+JE6R/Vt9b9bYdI3vXFajIdBumkNa:Pfx3TcJEOLUI/Xoj6Qa
Score

5^/10

discovery
- Enumerates processes with tasklist
  discovery
behavioral2
- Target
  
  YT Saver .dll Yama.rar
- Size
  
  2.9MB
- MD5
  
  ae24803c6f29242eff3ac4706f74887e
- SHA1
  
  15ef02d5c92d6788fdc0ed01b9cc280feb742b30
- SHA256
  
  00403225608e828712740c2da5f3c3ab0d80333c5aa3bcd091441b57b78e9516
- SHA512
  
  b93c2bd0e2dbdf17151ff9a7311db5ddaed0b81cfdb99f9826678f99c8bb730b6d71b761c5b383b8d0372c586d9e7492e9536620d61845e3ba01ba97dc0145a0
- SSDEEP
  
  49152:QE54sdSLtQkUCjvrLTR00+vZJMtvRWmwEaeZLVksd9P7qf0J4CdzTuJ0/aNrwu2:QdVTLTRl+BJMtJWRjeksAf0J4nGSNU
Score

3^/10
behavioral3
- Target
  
  Hijack Patch Picture.rar
- Size
  
  257KB
- MD5
  
  087456483a2e4943b9777d4c36b70b1b
- SHA1
  
  fe70eabfa51ed3200dc14f097c6010dac5a696c5
- SHA256
  
  75d35b3f58c5d5da388407ae2c44ca82cde13753be5a76d99920c996b9894cc2
- SHA512
  
  b4767fa60badc980c202e4fead6142ec4b8560024770ce447f29ba4f1a8dcf07076bf004ce1fb032ffcf2ab9bb704ba53ccaec8417ee1e5793aeda35e33cb2df
- SSDEEP
  
  6144:408NIPkk9DRd5BhcnZetsi+x91J+/j+wyQNS707fLZ:408NI7btankq1J+/Zs47d
Score

3^/10
behavioral4
- Target
  
  YAMA 1.jpg
- Size
  
  90KB
- MD5
  
  f7876e9c005f0b5d4305240d78c03824
- SHA1
  
  a38f1b7313aa9ef1cfe01a63a76490a2f18abe90
- SHA256
  
  23afcff1ef58fca49662d8b09c461433010850603213e59afa9ec2eba869ffba
- SHA512
  
  48e3f779d9f1e35d4e6af57701a01133978bb35110051bd41b39773a815713ce94098d7ae2a9a378fedd6c0c2c37f252bf84324a45a3ae21cb5117c494ad8612
- SSDEEP
  
  1536:dErJB5HQKWbQbq3yQIjFpPeWRHu0rn4ephSvRyKSfNihIuxF975SXgQlAju7D0MX:2rJBNwbMQCPHRHu0rzRfNihIup75SXgI
Score

3^/10
behavioral5
- Target
  
  YAMA 2.jpg
- Size
  
  40KB
- MD5
  
  5c91024e71b52402ab5e9e8e599f1f8b
- SHA1
  
  a5f254100f99d39b02537bfbbd5ed4be4355bd45
- SHA256
  
  ac594682c86b24908188960d940ffa4b9516f642eef23d5bd135d0adca03007e
- SHA512
  
  58844a3b2561c20b9b87c29c6bc9e872440532cc3e1ef02d9b4c16864c3797f5b137592651d6a65b4cde833e7896ae5831da382f11ca6fe8706b34ad48980205
- SSDEEP
  
  768:qvxiReG7L/AfOci71Oe1xJj28oepK+grGSfp2jUlaTZaK7a:qJyqHQHjJC8A+RbcYZa+a
Score

3^/10
behavioral6
- Target
  
  YAMA 3.jpg
- Size
  
  76KB
- MD5
  
  f3b1ce96e0d5b18f190523a206519712
- SHA1
  
  d2751bfa2f5a1c3027e93d57227803bd86b06c0e
- SHA256
  
  cea24cd06ef1a6f0c0b7f89db3dd6d12b1c21412f91a814ac40b04d5efd185c5
- SHA512
  
  79ac60589f66e60036ab903b539c707811424eb8119ba3e59a5d3daa9d17b3c787a03886e862166946c6e3d7eb0a4194e185cc7216d1b3ed263d39bd787a4b49
- SSDEEP
  
  1536:ki3KnDlTtCs63iQ017C6gyY/3K5Mp/zjsKZ+IkDH:pKDlg356+3U+3cnH
Score

3^/10
behavioral7
- Target
  
  YAMA 4.jpg
- Size
  
  67KB
- MD5
  
  10f3d22b57f2d1041565976b108f852e
- SHA1
  
  e11ee3ced967f73e770c6f8d2e194b249a6488c8
- SHA256
  
  a85a067176bfd250faa766dbd6a274ad7bb3608f3ba31c83f45fa9087d229dc0
- SHA512
  
  0450ccc030a279402f6e57bae6f8eff928371e781feadc2b1123d22e3fab69b34dd1a7e56761e0584c20bc8a8df0fa9fc3608dc96034b11dd12684db799d5b54
- SSDEEP
  
  1536:V50ZpkWr5UMMeao9TgmHjVYDMUaVVoElCvEZXVotnSpM6SOp00:T0HkWNJMVWpj+D8YcZXVi3v0
Score

3^/10
behavioral8
- Target
  
  PYG64.dll
- Size
  
  1.3MB
- MD5
  
  0c98345f142ec5c307d2e3354fd08e95
- SHA1
  
  64a405a9dd1760d72edc8c79c77e9b56427ea2dc
- SHA256
  
  c6e1d9f06b0914f73b5d8279442a8515346d9a39adfef6714c2f89a1d3b54bdb
- SHA512
  
  91aafd9e47f52305708ea172406743507040b7d2d6d68fe3146e6a05b8638f72944d2afd54f1b23234fe988eea0065ab7ec0384add20d732990dc03c7dd9db38
- SSDEEP
  
  24576:IyXrbprozekA3dJG7xjOeGtqYVYkXTY6TTdTatPo0QT0PiQjV0:IGVoyJ3C7xjTGtqYVYkXPlTaW9T030
Score

5^/10
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral9
- Target
  
  YAMA INFO.txt
- Size
  
  585B
- MD5
  
  58578753ce753f9614220fd04e603090
- SHA1
  
  7b49aed462b45d7090f4a2f5d3fa2d7424f9a6f2
- SHA256
  
  9d26a8d7bda3484632b45b3cc3e0840383f0eaea98edeef0eca6dc70f4cc3677
- SHA512
  
  601024b69a1dda7211b9c9d80f0e5973f84730c1677608d60267422b5d812e977a80c50e5e06642e5a787a970613dec45b3984391c02394e758a0d07a944d5c6
Score

3^/10
behavioral10
- Target
  
  winmm.dll
- Size
  
  74KB
- MD5
  
  7f98a54a93e9978012868a35c40dc208
- SHA1
  
  f81f723e28e15830e66d6c915e626548b389d163
- SHA256
  
  4b26672824ad0bf7ef1f1e24d289cbc659c69802550b72e17cdf546aa9cd604e
- SHA512
  
  acb849ea9b65dc27ca9365fac44b2ad35d2d8bc2dd37c8580d36c1e362b8aaa3df8490291828f416bc023adcc644585b5ebfad0777fe2a865d575203bda115fe
- SSDEEP
  
  1536:Bsn9BhF0A5e76qpKZFy6k1I8AQAdQ8L3AqFQLGyxi/p5KW5EVbdVbM/TX:BsnbhFg47y6k1rAQ04yy43KW5EDo
Score

1^/10
behavioral11
- Target
  
  ytsaverw Hijack Patch64.exe
- Size
  
  2.3MB
- MD5
  
  aefe350e31b4c82c75533401e4592ced
- SHA1
  
  2222f9a3292a8073931b992deaf79d0a7acf1e5a
- SHA256
  
  3f6978502a17d859f35727a3bf955d44407cb88ffe821cedc522236025642c3c
- SHA512
  
  134f091b1c526f607bc16e231f71345939cb75c2876f81320857d8d4c863d127e89d0022e8fcf639c7d0616707655e0b7e0778b5a5ec54daca9837c0d51dde19
- SSDEEP
  
  49152:p94SoRH2HQTXGVoyJ3C7xjTGtqYVYkXPlTaW9T03m:340qyk7hTGtjVYktl
Score

3^/10
behavioral12

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1057

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Enumerates processes with tasklist

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12