MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1901ae31080f9b8f7c419290eab011086a00355a0451e9f634f545f771753901. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


YTStealer


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1901ae31080f9b8f7c419290eab011086a00355a0451e9f634f545f771753901
SHA3-384 hash: 6675b3eb7f152a377e4e84de65ba7affd6523eda6ae0bb5de1ae0486048c211a1ce95dc7c28e4926a239bb0fec56332f
SHA1 hash: 71c045b6a66fef5dd1f20faefbce8df88c890788
MD5 hash: eaaad4f36853f423ee62272e125708ff
humanhash: mountain-london-freddie-freddie
File name:eaaad4f36853f423ee62272e125708ff
Download: download sample
Signature YTStealer
Create hunting rule
File size:4'229'632 bytes
First seen:2022-08-22 08:11:18 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 9aebf3da4677af9275c461261e5abde3 (25 x YTStealer, 12 x CobaltStrike, 11 x Hive)
ssdeep 98304:GZE6yLCBllCYlMw/XUIxQ602J55hN+mUth1rJe0QO+0hVf/UiYxm:GZEp0iYlMw/9O25wt7qOlhVfsiQ
Threatray 151 similar samples on MalwareBazaar
TLSH T1DC16331E9EA9F274DF48773350F88F51B501768E9E83174879A870F1A95FE283CE5920
TrID 64.7% (.EXE) UPX compressed Win64 Executable (70117/5/12)
25.0% (.EXE) UPX compressed Win32 Executable (27066/9/6)
4.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
1.8% (.EXE) OS/2 Executable (generic) (2029/13)
1.8% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter zbetcheckin
Tags:exe YTStealer

Intelligence

File Origin
# of uploads :
1
# of downloads :
305
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
redline
Create hunting rule
ID:
1
File name:
af477d25b88a0059ec73f7f595437162.exe
Verdict:
Malicious activity
Analysis date:
2022-08-21 13:07:20 UTC
Tags:
trojan rat redline loader
Link:
https://app.any.run/tasks/f6f7321c-3bbb-4f45-bcf5-e242e06393f4

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/300172/
Detection(s):
SecuriteInfo.com.Trojan.Win64.BroPass.ic.26977.8377.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-debug packed trickbot wacatac
Link:
https://www.filescan.io/uploads/63033a5f393b1c8c47032a30/reports/8e840e33-8a26-4b35-9550-750a4d562e83/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/298371be-6b92-413f-9c2b-06d809be7868
Result
Threat name:
Unknown
Detection:
malicious
Classification:
spyw.evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/1055381
Signature
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Queries memory information (via WMI often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1901ae31080f9b8f7c419290eab011086a00355a0451e9f634f545f771753901/
Threat name:
Win64.Infostealer.BroPass
Create hunting rule
Status:
Malicious
First seen:
2022-08-17 15:19:34 UTC
File Type:
PE+ (Exe)
Extracted files:
1
AV detection:
13 of 26 (50.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=dea24miib6ny67cbskiovmarbbvaank2ari6t5ru6vc7o4lvheaq._file
Verdict:
suspicious
Similar samples:
30fbed67681818059d7b104cf61989607045a95f320d232304e94851faf16bc5
YTStealer
339022094a1725ae16b8a0571fa0ec432194af1331c69394254c71e942719297
YTStealer
56013a94edeaf931e04fc0103058f3d183f1fd9f46e4e133d6f4bb63a0826486
YTStealer
6ace84c8a5b97075e435df18a59c7dcaa90091c8b3140deedf5139329d1890df
YTStealer
768f937ddc3c623826e129ea564b79e0b7a46e05476b84971e61875cb9ebf16b
YTStealer
8029372ee0d847274003b41f70af056c577b82ad655ccaeb3163775e4bf1dcab
YTStealer
8f22fed63b011354380ce229b053b3b9167d66d37506acd6288886cf526edefe
YTStealer
ab479d019576efd4dd391e0bf3fc1bedb10367e1ece7157d609a283873a43645
YTStealer
adadc8e69ed95353daf38d970dcecffdde40cafc24fefd37db059ff19fcf2c79
YTStealer
f524babf2428be1c97d53f2c6508e9e851ff869d47f6957d9a71178308790200
YTStealer
+ 141 additional samples on MalwareBazaar
Result
Malware family:
ytstealer
Create hunting rule
Score:
  10/10
Tags:
family:ytstealer spyware stealer upx
Link:
https://tria.ge/reports/220822-j3tztsgaa4/
Behaviour
Reads user/profile data of web browsers
UPX packed file
YTStealer
YTStealer payload
Unpacked files
SH256 hash:
cfabed97b69a0f0809d9396499ba0c06f787b75bee053929316c3b751a920fb4
MD5 hash:
39a9bb9e71d151d927428b3366ba6d3a
SHA1 hash:
315c1f58db5dc394811a9a68669a4dc80ea8480f
Link:
https://www.unpac.me/results/d1ffd6dd-da90-4484-b2c1-c2e852b69535/
SH256 hash:
1901ae31080f9b8f7c419290eab011086a00355a0451e9f634f545f771753901
MD5 hash:
eaaad4f36853f423ee62272e125708ff
SHA1 hash:
71c045b6a66fef5dd1f20faefbce8df88c890788
Link:
https://www.unpac.me/results/d1ffd6dd-da90-4484-b2c1-c2e852b69535/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/1901ae31080f9b8f7c419290eab011086a00355a0451e9f634f545f771753901

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

YTStealer

Executable exe 1901ae31080f9b8f7c419290eab011086a00355a0451e9f634f545f771753901

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2275526/
Cape
Cape
https://www.capesandbox.com/analysis/300172/

Comments


Avatar
zbet commented on 2022-08-22 08:11:24 UTC

url : hxxp://31.41.244.146/download/22windows_64.exe