MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 41b141e122bd86a5c4279094916564759cc342ae3b95fffd80af4b9676aa61b7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

YTStealer

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	41b141e122bd86a5c4279094916564759cc342ae3b95fffd80af4b9676aa61b7
SHA3-384 hash:	f30ccfc0b74b7a5146c505570639a4c9e769eef5ce585f84dee0b25bce7a1e952c077db7c7d2b4ff16b6bfa9d0cc017f
SHA1 hash:	6e2b476be8b361e8c1e5bb14efe5d3842b4d7ca3
MD5 hash:	acbd6173a4cc040b91a810e060e06fcc
humanhash:	vermont-alanine-carbon-wisconsin
File name:	acbd6173a4cc040b91a810e060e06fcc
Download:	download sample
Signature	YTStealer Create hunting rule
File size:	4'332'032 bytes
First seen:	2022-07-15 03:03:20 UTC
Last seen:	2024-07-24 13:32:31 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	9aebf3da4677af9275c461261e5abde3 (25 x YTStealer, 12 x CobaltStrike, 11 x Hive)
ssdeep	98304:royA1kjpIEmmCJRuCtmUs4yfPn6pXGV2oQn8cOATub:kz1kjpIEmDJxs42G2gndO2u
Threatray	135 similar samples on MalwareBazaar
TLSH	T1621633D15EB508A5E2BFAC3056662737D660186BF9FD8022F46B6889FCF15E4FC819C0
TrID	64.7% (.EXE) UPX compressed Win64 Executable (70117/5/12) 25.0% (.EXE) UPX compressed Win32 Executable (27066/9/6) 4.6% (.EXE) Win16 NE executable (generic) (5038/12/1) 1.8% (.EXE) OS/2 Executable (generic) (2029/13) 1.8% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter	openctibr
Tags:	exe OpenCTI.BR Sandboxed YTStealer

Intelligence

File Origin

# of uploads :

2

# of downloads :

240

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

acbd6173a4cc040b91a810e060e06fcc

Verdict:

No threats detected

Analysis date:

2022-07-15 06:23:46 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/1857d4a1-6f07-4bd1-b025-4e594f415ffd

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/289241/

Result

Verdict:

Clean

Maliciousness:

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

anti-debug packed

Link:

https://www.filescan.io/uploads/62d0d96001fde6ede682d94e/reports/46e08332-e5c3-49f6-80a3-3e73cb6cf01c/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/65e13af3-4358-4ffa-9c7f-4e0fe49d6210

Result

Threat name:

Unknown

Detection:

malicious

Classification:

spyw

Score:

52 / 100

Link:

https://www.joesandbox.com/analysis/1032273

Signature

Multi AV Scanner detection for submitted file

Tries to harvest and steal browser information (history, passwords, etc)

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/41b141e122bd86a5c4279094916564759cc342ae3b95fffd80af4b9676aa61b7/

Threat name:

Win64.Infostealer.BroPass

Status:

Malicious

First seen:

2022-07-15 03:04:23 UTC

File Type:

PE+ (Exe)

Extracted files:

3

AV detection:

10 of 25 (40.00%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=igyudyjcxwdklrbhsckjczleowomgqvohok777mav5fzm5vkmg3q._file

Verdict:

unknown

Similar samples:

0b251371b4891fe08157e6b9c84e0267a8c6d33cad2b2a06702c8f2f62381bda

1e061432a06c9e4935cd837118e5d68d79ec6c6bbdddcc40d8682e50db7344fa

2c7e8a9b546f7c133469fabcfc200e5ab79da84ffa180fda9e088bc5476af860

2dde8c2841248eedeec0a51cde97d147760c02e2d60d6f4d4f48758c0f3b6ea7

44da6217702a77c01ed9735e67d6fffee11de2298aaaea899ddbc39da26460e0

4cbe62ea4c09d6e5ff8141917c8caa78029e64b27475332b8dd372f0a989d981

f44e2bfd257642476ebf429b346286b34178bb0de9118e24c3503b4235b2af50

+ 125 additional samples on MalwareBazaar

Result

Malware family:

ytstealer

Score:

10/10

Tags:

family:ytstealer spyware stealer upx

Link:

https://tria.ge/reports/220715-dkmj5sgab8/

Behaviour

Reads user/profile data of web browsers

UPX packed file

YTStealer

YTStealer payload

Unpacked files

SH256 hash:

c7ace972999fa0227bad579eb1f22b060dbac9186c34ed6e8758d523758fe3fb

MD5 hash:

15318f5df43feed13a14ca592c5be5a9

SHA1 hash:

4d52396e2488122086010465a3ec38985807f427

Link:

https://www.unpac.me/results/168b78f4-8832-4990-9c28-8c5ec614a395/

SH256 hash:

41b141e122bd86a5c4279094916564759cc342ae3b95fffd80af4b9676aa61b7

MD5 hash:

acbd6173a4cc040b91a810e060e06fcc

SHA1 hash:

6e2b476be8b361e8c1e5bb14efe5d3842b4d7ca3

Link:

https://www.unpac.me/results/168b78f4-8832-4990-9c28-8c5ec614a395/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/41b141e122bd86a5c4279094916564759cc342ae3b95fffd80af4b9676aa61b7

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/289241/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample