crealstealer | b2b7b8496cba142081642e58e6533bffaaa9a56418294b0471c7fdc1ad428056 | Triage

Sharing

General

Target

Crealspoofer.exe
Size

15.8MB
Sample

231213-pcf8yadhe4
MD5

e520f7912ecb8353fbd32bc3efd950f5
SHA1

3d38633515d7b1cd78915b05aae9ab61cc948f42
SHA256

b2b7b8496cba142081642e58e6533bffaaa9a56418294b0471c7fdc1ad428056
SHA512

780243b827734ca42a5c532c61bc2b4337ce3410c35d73ea724f8499a3463b67083290fdd76755320bacb727752d86f9143f9c528e98b7205d46afb89b07561e
SSDEEP

393216:giIE7Yo9+4uOwKntpUTLfhJsW+eGQRe9jo7BGcG/3JrO0WCWLu:h7r9+RONHUTLJSW+e5Re9M0VWLu

Score

10^/10

crealstealer pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  Crealspoofer.exe
- Size
  
  15.8MB
- MD5
  
  e520f7912ecb8353fbd32bc3efd950f5
- SHA1
  
  3d38633515d7b1cd78915b05aae9ab61cc948f42
- SHA256
  
  b2b7b8496cba142081642e58e6533bffaaa9a56418294b0471c7fdc1ad428056
- SHA512
  
  780243b827734ca42a5c532c61bc2b4337ce3410c35d73ea724f8499a3463b67083290fdd76755320bacb727752d86f9143f9c528e98b7205d46afb89b07561e
- SSDEEP
  
  393216:giIE7Yo9+4uOwKntpUTLfhJsW+eGQRe9jo7BGcG/3JrO0WCWLu:h7r9+RONHUTLJSW+e5Re9M0VWLu
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2
- Target
  
  Creal.pyc
- Size
  
  48KB
- MD5
  
  fb62930e6ae9cc02a24ef99eb2b7c875
- SHA1
  
  b174779c7c41cddd82179c844a5491cd7ae04f5b
- SHA256
  
  b9d4528820c46ac5e412a20d928bb7b69bf1306ba0654bbd621a558c8bc6a17a
- SHA512
  
  3c80c371a2f3cbb1c6a1f381ae9f667180e6712fb551ba29791e67358e3b78ad595af6110954fe41593325ec119fa299f83fc3ef95c8469e43b0760f6fa9e9b7
- SSDEEP
  
  768:PpFnrdEya7K+aTMdcmrVWwzO/phReWdXEXuGtz07VOZZ4GQmGw8jt4xMao3Q1:/r1aqMamgphoWdUeOPZZ4GQmGwWaoA
Score

3^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

pyinstallercrealstealer

behavioral1

behavioral2

behavioral3

behavioral4