crealstealer | 367e6943901a7a573bde560b7a97216af66ef985bd1b7c37a525c9c6fd3b8436 | Triage

Sharing

General

Target

C4lexFckingC4cked.exe
Size

10.2MB
Sample

240106-psklasgdcr
MD5

298004294ffdb857920787bb81effda9
SHA1

7239c9a132daf3a2ed11345772bb43c5fc9619d9
SHA256

367e6943901a7a573bde560b7a97216af66ef985bd1b7c37a525c9c6fd3b8436
SHA512

59162ec2f6ed1c523514fcc9da07fffd6394d3c6c7689bf36145fd3bf827fbc6dfa97a8b104dd394a549ddff5f2dd8eafc96f7532764e6a847070247d94f271a
SSDEEP

196608:E0EiIE7SRpoIEDn61W903eV4QR7MToEuGxgh858F0ibfU36e7mgABObk91tllWT:IiIE7YoI2nwW+eGQR7MTozGxu8C0ibfK

Score

10^/10

crealstealer pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  C4lexFckingC4cked.exe
- Size
  
  10.2MB
- MD5
  
  298004294ffdb857920787bb81effda9
- SHA1
  
  7239c9a132daf3a2ed11345772bb43c5fc9619d9
- SHA256
  
  367e6943901a7a573bde560b7a97216af66ef985bd1b7c37a525c9c6fd3b8436
- SHA512
  
  59162ec2f6ed1c523514fcc9da07fffd6394d3c6c7689bf36145fd3bf827fbc6dfa97a8b104dd394a549ddff5f2dd8eafc96f7532764e6a847070247d94f271a
- SSDEEP
  
  196608:E0EiIE7SRpoIEDn61W903eV4QR7MToEuGxgh858F0ibfU36e7mgABObk91tllWT:IiIE7YoI2nwW+eGQR7MTozGxu8C0ibfK
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1
- Target
  
  Creal.pyc
- Size
  
  100KB
- MD5
  
  35daeb2ddc15e26c4bd9e6760ced6d70
- SHA1
  
  99ebd997aa59dd8115493e8dbfa285f620d9be16
- SHA256
  
  1bd4f4e4d9b6877a0b98f79585ccc4c0c2ecf58f5ee158e76e1d8cb47d6c62d5
- SHA512
  
  54335fa38a2914dc53c753ff3bcaa20986703185d96dec9873bc416e04f98c9e3d3ee5412264aba19646934f9ad63c4748d3159e84d9613756b4f2b28029b1c4
- SSDEEP
  
  1536:TrmaqMamgphoWdUeOPZZYGQmGwWaq1Rk6lwTBHzBpQ4+rCfESsCYGQ0MuGl7Y+hP:Ta7MaNdUcdxRxlqM47JfYYMumhOH2
Score

3^/10
behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

pyinstallercrealstealer

behavioral1

behavioral2