crealstealer | 5f99c75fe6d2e804c083efae9d6b70c5ad4a72d9dbeb02537038c6fb3fb51622 | Triage

Sharing

General

Target

GDS Pizza Massacre.exe
Size

7.2MB
Sample

240123-dascmsfgh2
MD5

a5771a104174a04ad794af56f6dcd022
SHA1

f4e9cea64ca615c81f05d412675efdd8b5efa2e3
SHA256

5f99c75fe6d2e804c083efae9d6b70c5ad4a72d9dbeb02537038c6fb3fb51622
SHA512

d35a7385384aa438beab7794521befa3ecee35d69c75d84b5ba714e286e4f2039b01d28f74c9c9ec0fc22e18c8df94cb679e5d66a762346e768bbe5f1b479aab
SSDEEP

196608:z3CT+aj1rpnrJehwiIbZg4TIdQNm5XKCt7o+JwDb2:7CT+aoqbCdQyftBJwDb2

Score

10^/10

crealstealer pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  GDS Pizza Massacre.exe
- Size
  
  7.2MB
- MD5
  
  a5771a104174a04ad794af56f6dcd022
- SHA1
  
  f4e9cea64ca615c81f05d412675efdd8b5efa2e3
- SHA256
  
  5f99c75fe6d2e804c083efae9d6b70c5ad4a72d9dbeb02537038c6fb3fb51622
- SHA512
  
  d35a7385384aa438beab7794521befa3ecee35d69c75d84b5ba714e286e4f2039b01d28f74c9c9ec0fc22e18c8df94cb679e5d66a762346e768bbe5f1b479aab
- SSDEEP
  
  196608:z3CT+aj1rpnrJehwiIbZg4TIdQNm5XKCt7o+JwDb2:7CT+aoqbCdQyftBJwDb2
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2
- Target
  
  Creal.pyc
- Size
  
  166KB
- MD5
  
  2d39008b1ed6166c4c5950f36f333d33
- SHA1
  
  6339d203c155d96a407cb13356049506a2124cb6
- SHA256
  
  1364c4c10b6126976459d4b5c0b75b417fafa148bd28478034e69084147fbe5e
- SHA512
  
  df047a8fd84f921f52f969ab066ed15cfbee26bb61a7948374a9c42cb2b01008c176a324b50b30142f111c45ace95fcf9fac1171d674712e5fd2c37a3bbb1da8
- SSDEEP
  
  3072:56DQeZuz0y/SyFe+B0e/G9kmXucllEKl+xgV+MbZ+:Y8z9qQeOh/G9kmXBllEKlUoI
Score

3^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

pyinstallercrealstealer

behavioral1

behavioral2

behavioral3

behavioral4