crealstealer | 100645a676deedf7bd3ae1ac58d0b47265389bbbe89d1abaf81c0d07d0070669

Sharing

Copy URL

Twitter E-mail

General

Target

Pizza Tower - Megaleak Experience.zip
Size

194.7MB
Sample

240106-xj62yafbh2
MD5

c0a863832952a7a281e13676f18e6f62
SHA1

525086e539ef3fdbc60f21a0416115e5ac94c537
SHA256

100645a676deedf7bd3ae1ac58d0b47265389bbbe89d1abaf81c0d07d0070669
SHA512

0641c6513fe971ea370b7dd43ff206a6ad889e94236ba96c673255545b168b47c20704896b6cffeddf499f676e031f307ed1e23a986bdd9c873fe59a7f51a557
SSDEEP

6291456:TCiETTaE61SuzordcpcWUjF/v2zERj6XB:BuTTuzOrjFWE6XB

Score

10^/10

Malware Config

Targets

- Target
  
  Pizza Tower - Megaleak Experience/PizzaTower.exe
- Size
  
  7.1MB
- MD5
  
  d4c2e3ad524c2112712f0b762ab38bb9
- SHA1
  
  f48e48895154c1f8ee0b389eca15236b920efd1a
- SHA256
  
  bf3973747453f2d6437ced09d04d29d2c917ebe3412d2532b5229e949ceef5bb
- SHA512
  
  e76d79189bfe32dd4664645b5080063cc71734c6d5e7f54a75116efeff5b61c5ce4e69f72b969e70a77b17952656bed6913f96df07cc6730a4e79ae6df8641aa
- SSDEEP
  
  196608:QCT+aj1rpnrJehwiIbZg4TIdQNm5XKCt7ogJwDb2:QCT+aoqbCdQyftNJwDb2
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1
- Target
  
  Creal.pyc
- Size
  
  83KB
- MD5
  
  f7c4c38a6cc3088cc9d14e5950bf0b62
- SHA1
  
  37575c960d37ff59c62e5f4b92e6e405b5269924
- SHA256
  
  60412a4c7eced16fd2151f367c138e0379ecc7ab9cc54c4d631a31bb2374ab3a
- SHA512
  
  9fef7b7b577b1068c2b772dc985790a299ed40e2f235ff4e11f46a1de73f9976828b5fe06d7f804a0542443ac467b4aa718a3a66bf418974d63b2f199e17638e
- SSDEEP
  
  1536:MupDr8eZuzTZMB7ahPJGgHM3w5YwUTQtFGc08ftqxk:bpDQeZuz0yKB2nN
Score

3^/10
behavioral2
- Target
  
  Pizza Tower - Megaleak Experience/data.win
- Size
  
  83.2MB
- MD5
  
  7baebb150eb9cc1577a83fee7fac0536
- SHA1
  
  5f0fe28ac345ab3ec69775f9db793277c426fa2a
- SHA256
  
  2d2024a6ee1965dc5e14e01a7ce58d3166212940087d87c6fa30abf78251f84b
- SHA512
  
  8053853e5f671f143f67dd92214a3aec0bc7befb1d6c809c4d355ea39e69aab70b50c6d2f4ace9ba7dcaa40bc4e1596240a14e3dd25d68df99ffda5c57bc074d
- SSDEEP
  
  786432:DcKheF05+xcsxNSLXq3TbjJyPdZc7Rdi:hYeuNWXsF9f
Score

3^/10
behavioral3
- Target
  
  Pizza Tower - Megaleak Experience/fmod-gamemaker.dll
- Size
  
  35KB
- MD5
  
  7d03df224eef39d3c507e33fe2165158
- SHA1
  
  c8a1f626079a3a7e750d5205d1ed92f3f9d6c499
- SHA256
  
  0cbb76f9bd8987c194b891c3c0b14c3ffb15ae0f676623a811090ca7619bd3b3
- SHA512
  
  2dd05d7495456cda7bbea293032569ea6956b22f9e96e2a68de291bb3cc54e5240471d3994a04ff3481f4d76ded694803e55a870490a8aa8ba806a82d596ab54
- SSDEEP
  
  384:HshbIB/FimHZgyn1bMVB39LkS7XuTE8L8RMO3VH6cbJ/NlGz8WDf9qGuokHmbPIz:4+S1/NlGz8W7bIOPOP4I7
Score

1^/10
behavioral4
- Target
  
  Pizza Tower - Megaleak Experience/fmodstudio.dll
- Size
  
  1.4MB
- MD5
  
  3aa316d24bac9601e3136d73cee0193d
- SHA1
  
  9448c6c683239b9b67a73831112a8a2d3e077541
- SHA256
  
  489e8d08b760579a1974de3865a16c9c5e6dd989a09c831cf1c8c7db7c1ea50f
- SHA512
  
  e2f2093665b40b2aa705e6e92cd93a823361928e8d527d40cb42f4d548b6dfba72d0aa05b4046225ec2a00fe84b25f0c5cf41af091a2355c41a119dc08c30d8c
- SSDEEP
  
  24576:WDdspg+MtYUteTzXmYs8NGo4mmHq30JbV/ybI:2sp5MtYgeTzXm4/7+T/yM
Score

1^/10
behavioral5
- Target
  
  Pizza Tower - Megaleak Experience/gameframe_x64.dll
- Size
  
  6KB
- MD5
  
  d2503d70b9ada6302b9424caf6987522
- SHA1
  
  ba327c52f3ab987b1218f8cda363c4003e6b4db6
- SHA256
  
  bf6699ee52f7e52dc2444de4afece133a37127d194272e323509120497b7d974
- SHA512
  
  fa40bc000aab587b0642863016eab43bd67331e9653fd4f5e4a8863ed284e362c01866b7deecf6ad7f05acdc6b741bab8ac9f83a0f4ddc6ad8ddcc5c19e18a04
- SSDEEP
  
  96:GosrIC4lrlf+4JWuPUMLcIS9JF+Y+MIUnKnM:GL74FAeBjcbYo
Score

1^/10
behavioral6
- Target
  
  Pizza Tower - Megaleak Experience/lang/aslm-language-file.txt
- Size
  
  25KB
- MD5
  
  b7c744eaf7096bbec580677e49f49e42
- SHA1
  
  1dc3eca306ac24aab4e30bb9c53b53754d43ecd3
- SHA256
  
  df4e88f8258173e909c8476fc4eb6609b18cca13ece3e21488feb835e4cc5f8a
- SHA512
  
  51146ee5a09b2f3d68b2f9d1581ba7fcce9c7c87588d6037c9faf8f6cb0f2a9ce816ab2d778c94a8e30eeac65f8a02c5cac649e0faca47d9ee62a2ffc34ce0ce
- SSDEEP
  
  384:QbCd/8jimSP1aNy+fiRIP3nr8HBuzGHfiz2PnsXi8WNVV+1Ja/8Dx4:uu/p3cNsI/nr5G6yGiFZ+1Ja/8W
Score

1^/10
behavioral7
- Target
  
  Pizza Tower - Megaleak Experience/lang/english.txt
- Size
  
  29KB
- MD5
  
  0c5e4637a927bc56ad80a12925d1e339
- SHA1
  
  c0dbb4c67f4b7aa81d3edca3cf3dd2ed1da6e6ac
- SHA256
  
  be419665ef9f9ca471d19105d11c426bca34c779cdf73725af51d0d4ee4cb233
- SHA512
  
  0ea36f85a06e429870854f72c126e9cef7c279236aad001b89fc6f10857f0743bc4d413f7d068ce6fd92122e9e09422d309629723480c3bb48179c9bdf9edacf
- SSDEEP
  
  384:XMkCd/8jimSP1aNy+fiRIPCimr8HBuzGELuPYUsW4Og9z2PnsXJ8WNVk+1Ja/8DK:Vu/p3cNsIaimr5Grc7yGJFg+1Ja/8W
Score

1^/10
behavioral8
- Target
  
  Pizza Tower - Megaleak Experience/sound/Desktop/Master.bank
- Size
  
  4KB
- MD5
  
  7043901b2a6891d362f43e9b39186cf9
- SHA1
  
  49a8bbcf780362954eab24ad47d94a988150ab6a
- SHA256
  
  466366dd17fcd71a524a183aa0a6d0e0a08006bae97732a1512d5fdf56ed4267
- SHA512
  
  9005fae733392d46a631b67d5b70b7ce3eaef24504a352426ee00f5e2eb79d5bf2fde71f287e12d3ada9f7f55adc0fc96748467120a2f493c157eae82894d973
- SSDEEP
  
  96:TQ/RbabT+2LvHsKQKOhp17mj9FtPrKZ5JNtbr/QJaJZx+UtBJ7rKa0afq:kZmDgKjO8ZXTyPPYuPtB1KAfq
Score

3^/10
behavioral9
- Target
  
  Pizza Tower - Megaleak Experience/sound/Desktop/Master.strings.bank
- Size
  
  24KB
- MD5
  
  d8084228f41f96dcd65042a0b7c1a929
- SHA1
  
  bb5ac128d5c529ac9412a6403c2bf971637f3262
- SHA256
  
  b46b9ef68aaee8bde7a12cafbaaaceb9f2d2acbef43961faf477bd138dc0dc4d
- SHA512
  
  4b6fba7780a8730264d31cba1ed2ef569783858b42b5abe5ecd45f5cfd02dddec6ba5d3656aa6648490de0b67bdb153dd0c9e9ff1265ffbaf892af87f6718f41
- SSDEEP
  
  768:zL8ubcOk682pc36AoH/mTNBoGHC2QM0xq/l:MqcPd20oHGTosbQM0Q/l
Score

3^/10
behavioral10
- Target
  
  Pizza Tower - Megaleak Experience/sound/Desktop/music.bank
- Size
  
  148.3MB
- MD5
  
  0234b1d044abafb6e78b448221f024b9
- SHA1
  
  96b583f0cf3e1333dd6460b79be058e70d52c31d
- SHA256
  
  a3088d5652737e0859a971a44ebc2932fb3d568d45e903c4728e6022fd15bf85
- SHA512
  
  9714fabde4b442baa02b3996fcd9c5c3671ba46cde7c7b9d515bd11e3a493fabb8ee36965716a1fcc73de3f8ff23143877c19b7464887e07cf3f66ffa97f586a
- SSDEEP
  
  3145728:bjXjhb+Ixon+Tf6zKJER9VF3IPPnGeAdhRmAfvgF6KLM+/AApjk9Y:3XlNxo+WGK97MnPAdXB9qM6H
Score

3^/10
behavioral11
- Target
  
  Pizza Tower - Megaleak Experience/sound/Desktop/sfx.bank
- Size
  
  13.7MB
- MD5
  
  e95615abfba0bcf0834376592efe7cb9
- SHA1
  
  6fff55634bd187d17675542037e35e1a1fd1983d
- SHA256
  
  7122ccedabcbc46916b0fb0e1b6110db44502ae7f44025a0e71a2bf801578587
- SHA512
  
  eef48730ae3821022aa5da3ccc071ba05be472469585dc925c131b7d3439ff7a4f8c0039c3a19737941a113c1f20cc42c6da13ab550147cace995a2d0d68d00c
- SSDEEP
  
  196608:LsqXnoMkrTzPDlLRjtwsv38NFj/GCIciFHqyQsDYt1ZF8M20O:wlMkHzPZLRjz3gteCgFHdQaYbK0O
Score

3^/10
behavioral12

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Process Discovery

T1057

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Drops startup file

Loads dropped DLL

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12