MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 076be35a474ae63c118b15aff7bcf2bb4d97e6887c67ad63a49b466370fbd3fe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

YTStealer

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	076be35a474ae63c118b15aff7bcf2bb4d97e6887c67ad63a49b466370fbd3fe
SHA3-384 hash:	bc20879e37000bd800989726f174c97e735cfc655b473206bc3783462706d15298e6ff74a2bac5b9d06ae134ec76737c
SHA1 hash:	ecac2d4f0e3a5ca2b28fcc708721eccf5f842feb
MD5 hash:	55af18096fd31869ffca6567c206d9ab
humanhash:	alanine-carpet-idaho-romeo
File name:	gorilla99.exe
Download:	download sample
Signature	YTStealer Create hunting rule
File size:	4'488'192 bytes
First seen:	2022-10-25 06:57:14 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	9aebf3da4677af9275c461261e5abde3 (25 x YTStealer, 12 x CobaltStrike, 11 x Hive)
ssdeep	98304:spAfXrL+ayRQdWhnk6+5G7iQNVYkrvNntDM6dC1z47aiO3tFm:sQb8udEaPQNOcvNj01z47gt0
Threatray	101 similar samples on MalwareBazaar
TLSH	T151263353A5AE45EAD2EB3EBDC630C6C4EB6FD42356F6A1B74284FB54C0B4E51C4DA200
TrID	64.7% (.EXE) UPX compressed Win64 Executable (70117/5/12) 25.0% (.EXE) UPX compressed Win32 Executable (27066/9/6) 4.6% (.EXE) Win16 NE executable (generic) (5038/12/1) 1.8% (.EXE) OS/2 Executable (generic) (2029/13) 1.8% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter	ankit_anubhav
Tags:	exe YTStealer

Intelligence

File Origin

# of uploads :

# of downloads :

222

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

gorilla99.exe

Verdict:

No threats detected

Analysis date:

2022-10-25 06:59:35 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/06be1c0b-20f0-40bc-8ca3-03fa1fed19f5

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/323811/

Detection(s):

SecuriteInfo.com.Trojan.GenericKD.63047002.24198.23433.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Searching for the window

Launching a process

Creating a process with a hidden window

Using the Windows Management Instrumentation requests

Sending a custom TCP request

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/55a0956d-76a7-4aae-8e0a-3c78d2eeb57a

Result

Threat name:

Unknown

Detection:

malicious

Classification:

spyw.evad

Score:

84 / 100

Link:

https://www.joesandbox.com/analysis/1097291

Signature

Antivirus detection for URL or domain

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Queries memory information (via WMI often done to detect virtual machines)

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Snort IDS alert for network traffic

Tries to harvest and steal browser information (history, passwords, etc)

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/076be35a474ae63c118b15aff7bcf2bb4d97e6887c67ad63a49b466370fbd3fe/

Threat name:

Win64.Infostealer.BroPass

Status:

Malicious

First seen:

2022-10-23 08:23:30 UTC

File Type:

PE+ (Exe)

Extracted files:

AV detection:

16 of 25 (64.00%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=a5v6gwshjltdyemlcwx7pphsxngzpzuiprt22y5etndgg4h32p7a._file

Verdict:

malicious

YTStealer

118cdcd151285cd394c469adb600eec673af5962b08c5bdd71ae165f1b6b0b96

YTStealer

42c5acd0133e2653a0e4f9792906d42f16cf44c6ea920dca1edaf74618feb437

YTStealer

4a75a23c13301872f46f4530b071bc4534a211435d5a8d8534b1455735c571b1

YTStealer

52fbe26c4b9fd1f8fae6d4840ef6741eb6c8bcd4f137f9139ae49b15d1590b20

YTStealer

65d77c6d99bfdf41472afef809ff3a719e16610ac76fc68994b10bbae824dc6d

YTStealer

89a8e60e76d8b381b9813d0da3168daea3aae23d8bb810166e3d5ac264eee7ee

YTStealer

9d5059722c2c1f4cf1f0388f3a15da44b883a9ca9127b9347fdb4933cc1fa6dd

YTStealer

d06077790fb260d6c3ed4af601b5322446d2a0621eb8edf14af8438dc2c02a63

YTStealer

ff3ae8fff0d1862d4bde8f61e0ed14ef76d6d2cc6d940bb83dc0b4cfdacc2752

YTStealer

+ 91 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

spyware stealer upx

Link:

https://tria.ge/reports/221025-hrha8abghm/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Reads user/profile data of web browsers

UPX packed file

Unpacked files

SH256 hash:

e08d52d37a0eaa8bb7420ebc6a88c71ff0e2f01abc058cecb7978aa8b3be9ad0

MD5 hash:

a0decd75355331fb854cc9a2d696c05b

SHA1 hash:

4534c8b4017cfd3b008703c568d8e7cbe6310ae8

Link:

https://www.unpac.me/results/3d9a1019-46eb-4b09-8d0e-e78b5ad99784/

SH256 hash:

076be35a474ae63c118b15aff7bcf2bb4d97e6887c67ad63a49b466370fbd3fe

MD5 hash:

55af18096fd31869ffca6567c206d9ab

SHA1 hash:

ecac2d4f0e3a5ca2b28fcc708721eccf5f842feb

Link:

https://www.unpac.me/results/3d9a1019-46eb-4b09-8d0e-e78b5ad99784/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/076be35a474ae63c118b15aff7bcf2bb4d97e6887c67ad63a49b466370fbd3fe

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/323811/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample