crealstealer | b03c3ec6a842ad7548717a0099cc14d938c7da2ee33796ca7119989d4b795c99 | Triage

Sharing

General

Target

rosetracker.exe
Size

19.1MB
Sample

231017-1nhrpahe5s
MD5

6931186e23c622ffb48c4a927d86f648
SHA1

bdd6200fd58d979708e2dcc598998098122cc4be
SHA256

b03c3ec6a842ad7548717a0099cc14d938c7da2ee33796ca7119989d4b795c99
SHA512

9ff441d096c040593a426c5a8f85c7cc444ada8c8d838420e7e48f5cfed1766b66413f9d754d135ebc1215f475ba88b35823c72aaec9ad711087b152fce81de2
SSDEEP

393216:JWqu7L/sQqTIKKmr2pu0tTtdQuslSl99oWOv+9qDZ1XaoI2St:gqCL0QuIKKmr2puI5dQu9DorvSC1FIL

Score

10^/10

crealstealer pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  rosetracker.exe
- Size
  
  19.1MB
- MD5
  
  6931186e23c622ffb48c4a927d86f648
- SHA1
  
  bdd6200fd58d979708e2dcc598998098122cc4be
- SHA256
  
  b03c3ec6a842ad7548717a0099cc14d938c7da2ee33796ca7119989d4b795c99
- SHA512
  
  9ff441d096c040593a426c5a8f85c7cc444ada8c8d838420e7e48f5cfed1766b66413f9d754d135ebc1215f475ba88b35823c72aaec9ad711087b152fce81de2
- SSDEEP
  
  393216:JWqu7L/sQqTIKKmr2pu0tTtdQuslSl99oWOv+9qDZ1XaoI2St:gqCL0QuIKKmr2puI5dQu9DorvSC1FIL
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1
- Target
  
  Creal.pyc
- Size
  
  123KB
- MD5
  
  720892b0d875114932f6af05230e17c5
- SHA1
  
  ab330a6b4f6b92d74405ef9638d250b1ce9badbb
- SHA256
  
  876d925711288852511a6d5fc096d367e45133ef5a530bc0f02631a0a237bb2f
- SHA512
  
  632cd35f464761bdba26e7a6c973e267223cd226a2db99f377e5e32de814b7e54fcbb98b620ac420c0c18b2a4d96c95b23ca29f059a9e5f36b3ffde6258eaf8b
- SSDEEP
  
  3072:yPDwe3uz0ha/acLWuTjkd0Zc1UZPM1ojG:q6z2kTjvPM1oa
Score

3^/10
behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

pyinstallercrealstealer

behavioral1

behavioral2