crealstealer | 330443e86efd23fd22c62a1fb09b86e1caa94e017bab089a92fb41e28ae9ceac | Triage

Sharing

General

Target

Cstealer.zip
Size

442KB
Sample

240119-stnacsgefk
MD5

f1588dee158c088ba14a31fc33c2939e
SHA1

0b776d41a6e048d8be953b73c12c09a4d22489b4
SHA256

330443e86efd23fd22c62a1fb09b86e1caa94e017bab089a92fb41e28ae9ceac
SHA512

262d9e39ddfc4438a74023659dc7b7ec1dddb547db46a1cef5aa92190905b870550689ecaa8ff9eb8794b6a231d8091dacad1ca0967771c947483e333e832f57
SSDEEP

12288:jkiCtqedNidWylIIDcDBZHoJRdfnVfi6Pz4W+D4:QBt5OVl3mGdfnVfT4ZD4

Score

10^/10

crealstealer persistence

Malware Config

Targets

- Target
  
  Creal-Stealer-main/builder.bat
- Size
  
  57B
- MD5
  
  c856a1995fa86d5bf3dde2a2de732d93
- SHA1
  
  21de21d0ea29ffb9f3061b5d81116408dd228cb8
- SHA256
  
  23fb3df8dca77c02ab3d76013b6e12a2a1fda1a93ef675211c77df9ec6ce39bd
- SHA512
  
  793fb9e4d8b146a4e8d6e0dfa2d756ade17143420215f6b10646758bff39df964f6fa29761b4c6755dac7d1f8aea81152ac615d5b91bcea6018f997d0ecb5715
Score

7^/10

persistence
- Modifies system executable filetype association
  persistence
- Registers COM server for autorun
  persistence
behavioral1
- Target
  
  Creal-Stealer-main/creal.py
- Size
  
  46KB
- MD5
  
  408cca245ff05b7e3abcf3726f560912
- SHA1
  
  3fab986a4edc6a33cacea576fcd54028e90935f7
- SHA256
  
  26025f681c218236d32a7f91c85759e06eb8557a6454889aa1eaf2fbaa3e5439
- SHA512
  
  334c663a57f30c3a9ee631ed734f5313b010dcd03b1fe89c7eeb4dc2e09fff4496fd4b6356a32d3359789e1a10a21de575aed2712bd98e360f8db04deced7299
- SSDEEP
  
  768:Q1DAWRknXeihOCS9DtiXLCezzj/VppDPiDqWR:Q1kWRknhhFS9Dt6LvLVpZWR
Score

3^/10
behavioral2
- Target
  
  Creal-Stealer-main/install.bat
- Size
  
  161B
- MD5
  
  6e850049ee08bf9ed50bfdee6e6934c5
- SHA1
  
  4fcf058207a8c7acbbb08a8c752dc803c66c6963
- SHA256
  
  65df947f76e4c904718c25a0a318ca6f35bdd2328c818ee3b09d75f0f43fa710
- SHA512
  
  3cd1a3098791670756f8151a952b12183e8d74aac28809afb3433565b40dc2d583648d479ab064345c9409f7cb534504ec471cfdfd884a1d420341c975d55609
Score

1^/10
behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Change Default File Association

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Change Default File Association

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3