MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cecc58f7e5b69e0b2159f68ca5ee38f36b59a0adbe36f8a93e791f8788488fb5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


YTStealer


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cecc58f7e5b69e0b2159f68ca5ee38f36b59a0adbe36f8a93e791f8788488fb5
SHA3-384 hash: a991aba4edb61979acc653e17ec222d66f17728d41b30b258ae7dee5a4b5d0023d8677895fdf662899583d63a787b5f4
SHA1 hash: 313327e368810eae000d565f642a33ae3fc47fef
MD5 hash: 54d16b2bd83331c4512e3392271ac098
humanhash: johnny-mango-undress-charlie
File name:SecuriteInfo.com.Trojan.GenericKD.61281284.9987.20867
Download: download sample
Signature YTStealer
Create hunting rule
File size:4'228'608 bytes
First seen:2022-08-31 13:36:56 UTC
Last seen:2023-08-26 21:32:00 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 9aebf3da4677af9275c461261e5abde3 (25 x YTStealer, 12 x CobaltStrike, 11 x Hive)
ssdeep 98304:aMXrxoP12YqQvOY3bpQQThqO04uQtXrLG+O/ee1:ayxoPgKvdlZ2utXrS+i
TLSH T103163360DDC9EF25D787AF70D51E78B47A4326F542A4892D92D33CE185D82C0AF9BA02
TrID 64.7% (.EXE) UPX compressed Win64 Executable (70117/5/12)
25.0% (.EXE) UPX compressed Win32 Executable (27066/9/6)
4.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
1.8% (.EXE) OS/2 Executable (generic) (2029/13)
1.8% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter SecuriteInfoCom
Tags:exe YTStealer

Intelligence

File Origin
# of uploads :
2
# of downloads :
250
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
redline
Create hunting rule
ID:
1
File name:
installer.exe
Verdict:
Malicious activity
Analysis date:
2022-08-13 01:50:32 UTC
Tags:
trojan evasion redline socelars stealer opendir loader rat raccoon recordbreaker arkei
Link:
https://app.any.run/tasks/94070ef8-e85e-41ec-ae9d-d722463be449

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/306857/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.61281284.9987.20867.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Launching a process
Creating a process with a hidden window
Using the Windows Management Instrumentation requests
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
anti-debug packed
Link:
https://www.filescan.io/uploads/630f6448a7450371f691a514/reports/c898a518-3bde-4b40-977e-8b099c9ea5bb/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
YTStealer
Create hunting rule
Detection:
malicious
Classification:
troj.evad.spyw
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/1061749
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/cecc58f7e5b69e0b2159f68ca5ee38f36b59a0adbe36f8a93e791f8788488fb5/
Threat name:
Win64.Infostealer.BroPass
Create hunting rule
Status:
Malicious
First seen:
2022-08-13 17:54:00 UTC
File Type:
PE+ (Exe)
Extracted files:
1
AV detection:
17 of 26 (65.38%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=z3gfr57fw2pawikz62gkl3ry6nvvtifnxy3prkj6pepypccir62q._file
Result
Malware family:
ytstealer
Create hunting rule
Score:
  10/10
Tags:
family:ytstealer spyware stealer upx
Link:
https://tria.ge/reports/220831-qwsxhsgfe3/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Reads user/profile data of web browsers
UPX packed file
YTStealer
YTStealer payload
Unpacked files
SH256 hash:
75b6cc0da62e39ab9da5c49a385c7f72f6092809c19d69e62fa15109d7a01231
MD5 hash:
2b5c865f1ba09394feceb199c62a8246
SHA1 hash:
4092fdaaac6523ea9c55e83d02b2b8d4046a38fd
Link:
https://www.unpac.me/results/74154142-2b32-4f76-a756-620b7fbe2555/
SH256 hash:
cecc58f7e5b69e0b2159f68ca5ee38f36b59a0adbe36f8a93e791f8788488fb5
MD5 hash:
54d16b2bd83331c4512e3392271ac098
SHA1 hash:
313327e368810eae000d565f642a33ae3fc47fef
Link:
https://www.unpac.me/results/74154142-2b32-4f76-a756-620b7fbe2555/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/cecc58f7e5b69e0b2159f68ca5ee38f36b59a0adbe36f8a93e791f8788488fb5

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

YTStealer

Executable exe cecc58f7e5b69e0b2159f68ca5ee38f36b59a0adbe36f8a93e791f8788488fb5

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2286544/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/306857/

Comments