crealstealer | 873b1c0b0543b362897be1ccbbb04ed40065ab3aa380798d242b9854dab8c631 | Triage

Sharing

General

Target

RC7_cracked.exe
Size

14.3MB
Sample

230924-j8egbseg68
MD5

579283ef8b916d0f52d60ae0a762374d
SHA1

2a02a559aabd59234659bfd0565f3609bbe95ee7
SHA256

873b1c0b0543b362897be1ccbbb04ed40065ab3aa380798d242b9854dab8c631
SHA512

c39e1822dcc4fb501d03f406e0757d91795f8ebdd86cca430225cc4992f1049a583ae9dab3f6673fa734284ef91023eae731cf6b88940476d172e99ed672f79c
SSDEEP

196608:8UJefPndQmRJ8dA6l10sKYu/PaQ+uqaycBIGpEqo6hTOv+QKfOJTDuEymOmhcY/m:DJYndQusl7Q+q9RoWOv+9fa2qquyYyn

Score

10^/10

crealstealer pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  RC7_cracked.exe
- Size
  
  14.3MB
- MD5
  
  579283ef8b916d0f52d60ae0a762374d
- SHA1
  
  2a02a559aabd59234659bfd0565f3609bbe95ee7
- SHA256
  
  873b1c0b0543b362897be1ccbbb04ed40065ab3aa380798d242b9854dab8c631
- SHA512
  
  c39e1822dcc4fb501d03f406e0757d91795f8ebdd86cca430225cc4992f1049a583ae9dab3f6673fa734284ef91023eae731cf6b88940476d172e99ed672f79c
- SSDEEP
  
  196608:8UJefPndQmRJ8dA6l10sKYu/PaQ+uqaycBIGpEqo6hTOv+QKfOJTDuEymOmhcY/m:DJYndQusl7Q+q9RoWOv+9fa2qquyYyn
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1
- Target
  
  Creal.pyc
- Size
  
  524KB
- MD5
  
  472e612cda20dae3d0950fb0d5b2be2f
- SHA1
  
  e556ff04f12d56143076660cb732c5e8b6b675a7
- SHA256
  
  b659a86530597fe62c30c5a306bc239f9254cfd7d00717d01e11a506896365ea
- SHA512
  
  a93ab95bb119930c7a81013780d6396194f974806d517a8f758242a9aa21068bebc2715753beaccdb36b2a6708c711f05754c767800038d9ce4422fdef9a120e
- SSDEEP
  
  12288:rqFwRTMlDQrZZoJDE5slQ5Hsl9Ej3zVwyzAMNxDGgyJrx:2WTMVQrQA5sbx
Score

3^/10
behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

pyinstallercrealstealer

behavioral1

behavioral2