crealstealer | 139ef1acfc915e1a6663fa5cb60bec9121c18f037e099149eeaeaddd2c621dcb | Triage

Submit
Reports

Overview

overview

Static

static

DaisyEra.exe

windows11-21h2-x64

7

Creal.pyc

windows11-21h2-x64

3

Sharing

General

Target

DaisyEra.exe
Size

13.4MB
Sample

231220-1tlerseeep
MD5

695285d95cbe8e31fb62a08527338ffc
SHA1

45ee7b71b6508b792526c259d2c672cdda19071e
SHA256

139ef1acfc915e1a6663fa5cb60bec9121c18f037e099149eeaeaddd2c621dcb
SHA512

b267f9b40c213bcdc2ed57a44f0fd74268782d80035d79fc48cda5c7537a3749fb86291967da3ef2e3694b60c117f6021e0c21461ee5af3dd0b50ce495e267c7
SSDEEP

393216:EiIE7YoK4vk3meBcGfdlYMiSJk6Fv18X1dd:d7rfvaT5FlYqJj0

Score

10^/10

crealstealer pyinstaller spyware stealer

Static task

static1

pyinstaller crealstealer

4 signatures

Behavioral task

behavioral1

Sample

DaisyEra.exe

Resource

win11-20231215-en

spyware stealer

windows11-21h2-x64

9 signatures

1800 seconds

Behavioral task

behavioral2

Sample

Creal.pyc

Resource

win11-20231215-en

windows11-21h2-x64

8 signatures

1800 seconds

Malware Config

Targets

- Target
  
  DaisyEra.exe
- Size
  
  13.4MB
- MD5
  
  695285d95cbe8e31fb62a08527338ffc
- SHA1
  
  45ee7b71b6508b792526c259d2c672cdda19071e
- SHA256
  
  139ef1acfc915e1a6663fa5cb60bec9121c18f037e099149eeaeaddd2c621dcb
- SHA512
  
  b267f9b40c213bcdc2ed57a44f0fd74268782d80035d79fc48cda5c7537a3749fb86291967da3ef2e3694b60c117f6021e0c21461ee5af3dd0b50ce495e267c7
- SSDEEP
  
  393216:EiIE7YoK4vk3meBcGfdlYMiSJk6Fv18X1dd:d7rfvaT5FlYqJj0
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1
- Target
  
  Creal.pyc
- Size
  
  55KB
- MD5
  
  918e51562ddd0e1a6c055a92abfab29b
- SHA1
  
  4028ce469058e3b400f70d99bf6014fba7823489
- SHA256
  
  67a3ca7b8769c9dd4d7a4b91e91a624937858f5eb3bdec20289fbce2a4e3a23d
- SHA512
  
  a40e06c2b15a76ec0993c98aa8c957f8f6c7d9822dd1d5cdd809f2d02a8878e292b81bd299fdb311afe3be39f7cba3171d37b261ffaa9cf16bd1621ea953b9a4
- SSDEEP
  
  768:s7WnrnpVIVzgN9+X6WYP1VxcwyWb5ttmPXFFYaoef8GM8ZKGeiq3+ee3eb3sO:DrDr+5IxcQKXFFYadzCiq3yeb3D
Score

3^/10
behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

pyinstallercrealstealer

behavioral1

behavioral2

© 2018-2025

Terms | Privacy