crealstealer | c1c8fea0e069366eb0d63df49fb9904cf534abd0c116988026f1d51bd1256481 | Triage

Sharing

General

Target

BetaMarsExoplorerVR.zip
Size

15.0MB
Sample

231029-sbyclsaa34
MD5

0ca8c38c19099ebe5a50530f1259ffec
SHA1

200af39362eeaec812c3e0d97849607c99246abf
SHA256

c1c8fea0e069366eb0d63df49fb9904cf534abd0c116988026f1d51bd1256481
SHA512

dfdfb267cca7c79719455e523948ed47428d2f62ca7b1978e1c7a6143efea93295271c27510fdf4b49caf12e134881a1349ed9cac335cb40a91edb2e367e4f8d
SSDEEP

393216:eDoZW9+lLy5NYfwgnq/YiYJYce0upszlZoRrm:eDv9QyDYfwGkYrJXupsnoY

Score

10^/10

crealstealer pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  BetaMarsExoplorerVR/BetaMarsExperience.exe
- Size
  
  15.2MB
- MD5
  
  fb2e0675f62543e3f0e2262b0f616323
- SHA1
  
  7b1e25dbb3d51c658eb2d23f905aef4f52793f94
- SHA256
  
  dae96a849214af20f1addbbffaad7c3e923815c14f12fbb6d90389e6d75fc6f8
- SHA512
  
  8a7e3cd0587ff74ab9037b41b625bccf1d3af483de460fe1e20c7352e310f03f3b4121b89e1a7bdb8dc2ab9aae51c3266fa01e699d249b000bf55794bf9b1b73
- SSDEEP
  
  393216:FlUiIE7YoPQqTCdQuslSq99oWOv+9qDgxMljGuu:Flt7rPQuCdQuSDorvSfxMsu
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2
- Target
  
  Creal.pyc
- Size
  
  220KB
- MD5
  
  14def510f396df19f10063ca185bd254
- SHA1
  
  cd0e637dbe225f3e8be23eb23f5b29abf920c2f9
- SHA256
  
  caddf43a8eb1f1d5edc69cbf9b7a7085a1cef7dab5e0eaf5dff2c8435d724f9a
- SHA512
  
  588850e8a8e2ba584ebbd282ac5129f2d2adc2b12f76eaece65ee9df4b82d4c67a4343ba4b5eb71c6756011a4691c26f22b5cde02e328dff75248ea0e126444b
- SSDEEP
  
  3072:SDpe3uz0BCvyUq+fF6tUQvud4HMA9iWHpxz/PiPEQRmyqdSqZwow0F/JN76u7Tu:S9zWCvSiPHRmyk9ZtF/Cu7y
Score

3^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

pyinstallercrealstealer

behavioral1

behavioral2

behavioral3

behavioral4