crealstealer | 6834e4f3defe1566f5c9fe9b25e8ae29144fcdf16115e14204e29d6ff4efe111 | Triage

Submit
Reports

Overview

overview

Static

static

FortniteCracker.zip

windows10-1703-x64

7

Resubmissions

20-12-2023 11:03

231220-m5z6eacchl 10

20-12-2023 10:43

231220-mscvcabbap 10

Sharing

General

Target

FortniteCracker.zip
Size

14.5MB
Sample

231220-m5z6eacchl
MD5

2ef3a170a6ea1af02de2a4058a39e169
SHA1

1ff2ae2aa8d61fe1c1396dc3ef1a30cf2b5ccbb2
SHA256

6834e4f3defe1566f5c9fe9b25e8ae29144fcdf16115e14204e29d6ff4efe111
SHA512

0ce07ce55ee70e2de8f200fb6ccfb1502b5c47afcc8dc2add2546c01b88e4e926030348b0571225c569773e1a76ea154f9cfa6908d5c6b1677bf4cab6fe01cf5
SSDEEP

393216:fR2ZWVhMDn1Owyi7OCg0YrCjjWwVv2csMcX:wZ8hMT1Ow9yCg5rGWwVDsnX

Score

10^/10

crealstealer pyinstaller spyware stealer

Static task

static1

pyinstaller crealstealer

4 signatures

Behavioral task

behavioral1

Sample

FortniteCracker.zip

Resource

win10-20231215-en

pyinstaller spyware stealer

windows10-1703-x64

26 signatures

1800 seconds

Malware Config

Targets

- Target
  
  FortniteCracker.zip
- Size
  
  14.5MB
- MD5
  
  2ef3a170a6ea1af02de2a4058a39e169
- SHA1
  
  1ff2ae2aa8d61fe1c1396dc3ef1a30cf2b5ccbb2
- SHA256
  
  6834e4f3defe1566f5c9fe9b25e8ae29144fcdf16115e14204e29d6ff4efe111
- SHA512
  
  0ce07ce55ee70e2de8f200fb6ccfb1502b5c47afcc8dc2add2546c01b88e4e926030348b0571225c569773e1a76ea154f9cfa6908d5c6b1677bf4cab6fe01cf5
- SSDEEP
  
  393216:fR2ZWVhMDn1Owyi7OCg0YrCjjWwVv2csMcX:wZ8hMT1Ow9yCg5rGWwVDsnX
Score

7^/10

pyinstaller spyware stealer
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

pyinstallercrealstealer

behavioral1

pyinstallerspywarestealer

© 2018-2025

Terms | Privacy