crealstealer | e45d9783e91c4af4861345ba9f21a76fee550147804cc0d9fc5f742f1d9c8b3a | Triage

Resubmissions

21-09-2023 17:49

230921-wdzv1ahf5w 10

21-09-2023 17:47

230921-wc9zksbf87 10

19-09-2023 14:09

230919-rf6zwabe79 10

Sharing

General

Target

advertising.exe
Size

19.9MB
Sample

230919-rf6zwabe79
MD5

1602161a628878a7ed669947e0cbfb51
SHA1

50522bfc2ccd102abe24c6161d648cb689809dce
SHA256

e45d9783e91c4af4861345ba9f21a76fee550147804cc0d9fc5f742f1d9c8b3a
SHA512

cea3c8ce6798406d4d2ae1409c644285f125a0708b1c99fb00e2497e6d4c7f130e68e1cc855d8e7b61fca7e333db0234725232169adc093ea0b98ea72e15a6e5
SSDEEP

393216:TiIE7YoPQtsT4Hr7M5li8k3meCcGfd0NYMbkf76lCOdSx:A7rPQtscL7M5lDaY5F0NY2x2

Score

10^/10

crealstealer pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  advertising.exe
- Size
  
  19.9MB
- MD5
  
  1602161a628878a7ed669947e0cbfb51
- SHA1
  
  50522bfc2ccd102abe24c6161d648cb689809dce
- SHA256
  
  e45d9783e91c4af4861345ba9f21a76fee550147804cc0d9fc5f742f1d9c8b3a
- SHA512
  
  cea3c8ce6798406d4d2ae1409c644285f125a0708b1c99fb00e2497e6d4c7f130e68e1cc855d8e7b61fca7e333db0234725232169adc093ea0b98ea72e15a6e5
- SSDEEP
  
  393216:TiIE7YoPQtsT4Hr7M5li8k3meCcGfd0NYMbkf76lCOdSx:A7rPQtscL7M5lDaY5F0NY2x2
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2
- Target
  
  Creal.pyc
- Size
  
  127KB
- MD5
  
  44c85d3d087330a3e850d38f6c8c21a5
- SHA1
  
  edc286da0ae5b707b8d2bfecec45e0a2462179fe
- SHA256
  
  33dbc89850480d29799c784fe49c495f5916c915ce143395e3eab526dde357f5
- SHA512
  
  ea02e050f8cdbec3b07a08eabfbc5f82c0c15e242d63e44ed50a09d3c01730929ce9144d32ec808c8b62b54178e09379c88bfb08d151320796385dacb7920c8b
- SSDEEP
  
  3072:TO+5IxGJdOiq3y5mdfVnRZCi8jzCVyWm7mEK6ONBxzZmBh9eJv97ezujYM9S:oCdV6y5gfVRZCPxWm4RZzyh94vxezuj2
Score

3^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

pyinstallercrealstealer

behavioral1

behavioral2

behavioral3

behavioral4