crealstealer | 32dcea8205246641ce6ee29230abd4bc1eced872d07c6dbdcdfb9594461638a0 | Triage

Sharing

General

Target

Wentox_2.exe
Size

14.5MB
Sample

231118-zlg7psge3s
MD5

751de345e19bb3cb40cbfc134b23ff19
SHA1

bf55048913da95a00f19b8c9e3f15aefb21bebde
SHA256

32dcea8205246641ce6ee29230abd4bc1eced872d07c6dbdcdfb9594461638a0
SHA512

94d0f7712945dab68977a79a379d7e20536ba2745da04e0db2e9a9364597390e62054119d6f0fdd9b82cc758ebf52a3a2dee21c94f0bf13cf817338de41e1cfd
SSDEEP

393216:BiIE7YoPQPdQuslSq99oWOv+9fgK6nttAlg:u7rPQPdQuSDorvSYK6nkl

Score

10^/10

crealstealer pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  Wentox_2.exe
- Size
  
  14.5MB
- MD5
  
  751de345e19bb3cb40cbfc134b23ff19
- SHA1
  
  bf55048913da95a00f19b8c9e3f15aefb21bebde
- SHA256
  
  32dcea8205246641ce6ee29230abd4bc1eced872d07c6dbdcdfb9594461638a0
- SHA512
  
  94d0f7712945dab68977a79a379d7e20536ba2745da04e0db2e9a9364597390e62054119d6f0fdd9b82cc758ebf52a3a2dee21c94f0bf13cf817338de41e1cfd
- SSDEEP
  
  393216:BiIE7YoPQPdQuslSq99oWOv+9fgK6nttAlg:u7rPQPdQuSDorvSYK6nkl
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1
- Target
  
  Creal.pyc
- Size
  
  29KB
- MD5
  
  d0dbc4409640abdb4d48a4443d3bbdd1
- SHA1
  
  dcfb4e2f0e812830ddc21ad701a585e4a5036e0a
- SHA256
  
  847e784e3765d870ff1170e90ea61b856e02b4e25be6fa01d3677f3db5eda328
- SHA512
  
  9d30b8b06007f38e08f217fff518a9056b1cd6b3958a45763cec8811f55db416bb08b1db54e87d280737b2bd7cdb62074c18946f0a2dc128beb7c060d9baa0ae
- SSDEEP
  
  768:3+lVSjnrkD2VsfNEiyAuMMIfznTZMdpV7ISrx5HwtvK17Cvr:30SDrkne3uzTZMB7aK176r
Score

3^/10
behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

pyinstallercrealstealer

behavioral1

behavioral2