crealstealer | 0482b05f04e2e927d22771dd5ee50c54a9809662f2d5267c703ffe0f21ee2a1a | Triage

Sharing

General

Target

𝗟𝗘𝗩𝗜𝗔𝗧𝗛𝗔𝗡 𝗫.exe
Size

10.5MB
Sample

231009-er3qdacd74
MD5

87afff19d39a109c3a15baae86f3bbc3
SHA1

4054481f13a803a732066a1a02cb8ab787cf1bce
SHA256

0482b05f04e2e927d22771dd5ee50c54a9809662f2d5267c703ffe0f21ee2a1a
SHA512

dce189d8da04860dd593ff172de8d65dfdd1bac856df6129717115a6a132a168a566125850169d2343a9f990ed62ae476b0c0ad26125e5702cac59a6dfded4d6
SSDEEP

196608:JALYiIE7SRpo8flzudQmRJ8dA6lSuqaycBIGpEKo6hTOv+QKfS4x+GlCFMuljA:iYiIE7YoxdQuslSq9DoWOv+9fS49CFM0

Score

10^/10

crealstealer pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  𝗟𝗘𝗩𝗜𝗔𝗧𝗛𝗔𝗡 𝗫.exe
- Size
  
  10.5MB
- MD5
  
  87afff19d39a109c3a15baae86f3bbc3
- SHA1
  
  4054481f13a803a732066a1a02cb8ab787cf1bce
- SHA256
  
  0482b05f04e2e927d22771dd5ee50c54a9809662f2d5267c703ffe0f21ee2a1a
- SHA512
  
  dce189d8da04860dd593ff172de8d65dfdd1bac856df6129717115a6a132a168a566125850169d2343a9f990ed62ae476b0c0ad26125e5702cac59a6dfded4d6
- SSDEEP
  
  196608:JALYiIE7SRpo8flzudQmRJ8dA6lSuqaycBIGpEKo6hTOv+QKfS4x+GlCFMuljA:iYiIE7YoxdQuslSq9DoWOv+9fS49CFM0
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1
- Target
  
  Creal.pyc
- Size
  
  29KB
- MD5
  
  c7c26623053f02421164359700451150
- SHA1
  
  6bac0de47abd0e4e5f0e247f3b1a0b3f3577fdbf
- SHA256
  
  185c0898330917a3cb2a696bf2cc4639b7d106a42c1fc989ac025580e7853132
- SHA512
  
  6b5412275f4ae6d6979bb127db0f4777a6aa31838da7c1376be85a231a533f891671016510b8cfb9e7cb8a718b20d569c2de50f62bcfcece45a2889373cecae4
- SSDEEP
  
  768:3+lVSjnrL2VsfNEiyAuMMIfznTZMdpV7ISrx5HwtvK17Cvr:30SDr/e3uzTZMB7aK176r
Score

3^/10
behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

pyinstallercrealstealer

behavioral1

behavioral2