MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3595487037dcf807ce3a99232518787290b0a37e56eb63ee62901929b9974277. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


YTStealer


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3595487037dcf807ce3a99232518787290b0a37e56eb63ee62901929b9974277
SHA3-384 hash: 355b4c388365bb3986b3fc5d6ca8db459af13cc2970e880a8b068febc517b1e540e73762f4b3c42471236258caeb53cd
SHA1 hash: 82f78abd9ffd6298e599e05826cc2ec237758a9c
MD5 hash: a7bceb417fbb8c136261f3b195d6d7ee
humanhash: mirror-lima-sodium-tango
File name:a7bceb417fbb8c136261f3b195d6d7ee
Download: download sample
Signature YTStealer
Create hunting rule
File size:4'233'728 bytes
First seen:2022-08-31 08:59:58 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 9aebf3da4677af9275c461261e5abde3 (25 x YTStealer, 12 x CobaltStrike, 11 x Hive)
ssdeep 98304:abHZ1MFWV8qtEJlzQ1fv7ltH2HhcPxthrWyKKbCg:gzM0VTt41Qhz2EvhrWyKKbR
TLSH T13B1633E5513487EECD0D92F9441671085089ED4EBC03B7FB249E25CB6AAEF687312AF0
TrID 64.7% (.EXE) UPX compressed Win64 Executable (70117/5/12)
25.0% (.EXE) UPX compressed Win32 Executable (27066/9/6)
4.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
1.8% (.EXE) OS/2 Executable (generic) (2029/13)
1.8% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter zbetcheckin
Tags:exe YTStealer

Intelligence

File Origin
# of uploads :
1
# of downloads :
281
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
3595487037dcf807ce3a99232518787290b0a37e56eb63ee62901929b9974277.zip
Verdict:
No threats detected
Analysis date:
2022-08-31 11:43:40 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/7131a9c0-4f1b-4e19-94fd-1965ec7430db

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/306763/
Result
Verdict:
Clean
Maliciousness:
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
anti-debug packed
Link:
https://www.filescan.io/uploads/630f235d1b96a7c80cc46ad3/reports/7c06d09f-d113-49c9-9091-6d93b02dc51f/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
YTStealer
Create hunting rule
Detection:
malicious
Classification:
troj.evad.spyw
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/1061509
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3595487037dcf807ce3a99232518787290b0a37e56eb63ee62901929b9974277/
Threat name:
Win64.Infostealer.Goback
Create hunting rule
Status:
Malicious
First seen:
2022-08-31 09:00:31 UTC
File Type:
PE+ (Exe)
Extracted files:
1
AV detection:
18 of 26 (69.23%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=gwkuq4bx3t4aptr2terskgdyokilbi36k3vwh3tcsamstomxij3q._file
Result
Malware family:
ytstealer
Create hunting rule
Score:
  10/10
Tags:
family:ytstealer spyware stealer upx
Link:
https://tria.ge/reports/220831-kybhcsdec9/
Behaviour
Reads user/profile data of web browsers
UPX packed file
YTStealer
YTStealer payload
Unpacked files
SH256 hash:
7762adf5175b8d65e3a9b295007882711a9fb76c69651e71bb0b1f25564798ce
MD5 hash:
70d805da555772d3bb4c2ba5a8657d82
SHA1 hash:
fcc331de3fb1a2af05659cfe808d38d0548276b6
Link:
https://www.unpac.me/results/6fb7d643-ecea-43fd-919d-172eb6884345/
SH256 hash:
3595487037dcf807ce3a99232518787290b0a37e56eb63ee62901929b9974277
MD5 hash:
a7bceb417fbb8c136261f3b195d6d7ee
SHA1 hash:
82f78abd9ffd6298e599e05826cc2ec237758a9c
Link:
https://www.unpac.me/results/6fb7d643-ecea-43fd-919d-172eb6884345/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

YTStealer

Executable exe 3595487037dcf807ce3a99232518787290b0a37e56eb63ee62901929b9974277

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2286408/
Cape
Cape
https://www.capesandbox.com/analysis/306763/

Comments


Avatar
zbet commented on 2022-08-31 09:00:04 UTC

url : hxxps://dl.uploadgram.me/630dc4f8cfd7ag?raw/