MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a54ac89930406913a3b0b3b8e3ef738135a9b7fa54b01578f870e26ee9f99efb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


YTStealer


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a54ac89930406913a3b0b3b8e3ef738135a9b7fa54b01578f870e26ee9f99efb
SHA3-384 hash: 18ebdf29bf85f8ffe38427ca1f09a219f7e59ced52f6225b2804b7872e24ab6b7dcfe6fa5c98584224ef6d7c8618b59b
SHA1 hash: ddd7c01b07939751f734c1e9b7aa17853447e02c
MD5 hash: 47b29465bb5fcbbd899f1d98af193f06
humanhash: purple-undress-hamper-kilo
File name:SecuriteInfo.com.Trojan.GenericKD.61289912.19669.5500
Download: download sample
Signature YTStealer
Create hunting rule
File size:4'228'608 bytes
First seen:2022-08-31 08:45:35 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 9aebf3da4677af9275c461261e5abde3 (25 x YTStealer, 12 x CobaltStrike, 11 x Hive)
ssdeep 98304:556qNnHwRAd/G/dzWR6bn0RqGUvxf9g+9wZbgVA4GYaBD/zgEbSCxj:55XQN1zTreqGsxD5VtGYa1/
TLSH T1E316332A01914E14D07565FBCF9283DB59BA4127E7AE378F2ED82EE101DC25699A2F30
TrID 64.7% (.EXE) UPX compressed Win64 Executable (70117/5/12)
25.0% (.EXE) UPX compressed Win32 Executable (27066/9/6)
4.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
1.8% (.EXE) OS/2 Executable (generic) (2029/13)
1.8% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter SecuriteInfoCom
Tags:exe YTStealer

Intelligence

File Origin
# of uploads :
1
# of downloads :
253
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
redline
Create hunting rule
ID:
1
File name:
Roblox executorr.zip
Verdict:
Malicious activity
Analysis date:
2022-08-21 11:02:44 UTC
Tags:
trojan rat redline
Link:
https://app.any.run/tasks/1ba6e5f7-4319-4958-a1bb-1aa6c011dfe1

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/306755/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.61289912.19669.5500.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Launching a process
Creating a process with a hidden window
Using the Windows Management Instrumentation requests
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
anti-debug packed
Link:
https://www.filescan.io/uploads/630f1fe2e87b88e71be72303/reports/1db95c15-c1f3-4b3b-89b3-a1b32d912209/overview
Result
Verdict:
MALICIOUS
Result
Threat name:
YTStealer
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/1061436
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a54ac89930406913a3b0b3b8e3ef738135a9b7fa54b01578f870e26ee9f99efb/
Threat name:
Win64.Infostealer.BroPass
Create hunting rule
Status:
Malicious
First seen:
2022-08-14 15:46:29 UTC
File Type:
PE+ (Exe)
Extracted files:
1
AV detection:
17 of 26 (65.38%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=uvfmrgjqiburhi5qwo4oh33tqe22tn72ksybk6hyodrg52pzt35q._file
Result
Malware family:
ytstealer
Create hunting rule
Score:
  10/10
Tags:
family:ytstealer spyware stealer upx
Link:
https://tria.ge/reports/220831-kpbf1abgcj/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Reads user/profile data of web browsers
UPX packed file
YTStealer
YTStealer payload
Unpacked files
SH256 hash:
5f9e7a5e1e88860ce745722ba407a1242e972ad8958c17d4527f80f355835faf
MD5 hash:
107fa2c11f2fe84044b8bde970ed70e3
SHA1 hash:
573fad210fbff9354ca0c2911309c4399660f030
Link:
https://www.unpac.me/results/a92f598d-d1c8-4677-aca1-6764b1d08980/
SH256 hash:
a54ac89930406913a3b0b3b8e3ef738135a9b7fa54b01578f870e26ee9f99efb
MD5 hash:
47b29465bb5fcbbd899f1d98af193f06
SHA1 hash:
ddd7c01b07939751f734c1e9b7aa17853447e02c
Link:
https://www.unpac.me/results/a92f598d-d1c8-4677-aca1-6764b1d08980/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

YTStealer

Executable exe a54ac89930406913a3b0b3b8e3ef738135a9b7fa54b01578f870e26ee9f99efb

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2286203/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/306755/

Comments