crealstealer | 326985d1bc5a680d30b9140ff3a12b7603a8397b9e873dfd83fd9e96e4e17f5a | Triage

Sharing

General

Target

Executor.exe
Size

13.1MB
Sample

231111-t5azvahh4s
MD5

69377ed2d8fd217dc312999ff7ac7b6c
SHA1

219ce0ed3d23394f7d2ce92453be8173038f2938
SHA256

326985d1bc5a680d30b9140ff3a12b7603a8397b9e873dfd83fd9e96e4e17f5a
SHA512

0a9213edcbf8f36f2a03b810966a849f187034fdec717c96fe8e1c0d67de8cdb6fe884f23fd2bb989c1e326800805f5a962c62bd5fa97c439560f990077fe400
SSDEEP

393216:eiIE7Yo9+4uOw6wW+eGQRJ9jo7BGcG6aJKt/WorLP:f7r9+RONwW+e5RJ9MrprLP

Score

10^/10

crealstealer pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  Executor.exe
- Size
  
  13.1MB
- MD5
  
  69377ed2d8fd217dc312999ff7ac7b6c
- SHA1
  
  219ce0ed3d23394f7d2ce92453be8173038f2938
- SHA256
  
  326985d1bc5a680d30b9140ff3a12b7603a8397b9e873dfd83fd9e96e4e17f5a
- SHA512
  
  0a9213edcbf8f36f2a03b810966a849f187034fdec717c96fe8e1c0d67de8cdb6fe884f23fd2bb989c1e326800805f5a962c62bd5fa97c439560f990077fe400
- SSDEEP
  
  393216:eiIE7Yo9+4uOw6wW+eGQRJ9jo7BGcG6aJKt/WorLP:f7r9+RONwW+e5RJ9MrprLP
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2
- Target
  
  Creal.pyc
- Size
  
  48KB
- MD5
  
  0fe357b7b7eef2e06a42cafa2e362a98
- SHA1
  
  7e02240ebde56530ef9057623cbef2e4389df706
- SHA256
  
  78fd3d61012017a50eb3d00d6179ce90096b94592ea8834a2c23a2296fea36c5
- SHA512
  
  976ddc13710f6199e75e4d7a5476096eaa736c741ed00d998860ac08e3e4431aaca7666cb66ced42c4aba6ed83df346e44a40e61c0a78ff0877a46d560ac600c
- SSDEEP
  
  768:PpFnrHya7K+aTMdcmrVWwzO/phReWdXEXuGtz07VOZZ4GQmGw8jt4xMao3Q1:/rSaqMamgphoWdUeOPZZ4GQmGwWaoA
Score

3^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

pyinstallercrealstealer

behavioral1

behavioral2

behavioral3

behavioral4