crealstealer | fb4dc6f64b69baf75b3e8a5caf31a0839e16e2f8e8aebb0e55023559c412c1a4 | Triage

Submit
Reports

Overview

overview

Static

static

FnRtvAimbot.exe

windows10-2004-x64

7

Sharing

General

Target

FnRtvAimbot.exe
Size

15.9MB
Sample

240131-zqn6taecdr
MD5

5b9b2a39d8413e9e4cc0e1351aff3659
SHA1

b8d73472ac3934134eb49ad02923369774aa1ebc
SHA256

fb4dc6f64b69baf75b3e8a5caf31a0839e16e2f8e8aebb0e55023559c412c1a4
SHA512

1f99dd36eec3615b338144c6e8ad2d2282076b7e8ca7df65094e3232223cd80a23efa369c346c58e3544515e6b7fb7cb4ad253e00064b949958ec6c9f750e483
SSDEEP

393216:UXGD2ntpUTLfhJsW+eGQRCMTozGxu8C0ibfz6e57R1bmXiWCNI:U2DaHUTLJSW+e5RLoztZ026e5TFVNI

Score

10^/10

crealstealer pyinstaller spyware stealer

Static task

static1

pyinstaller crealstealer

4 signatures

Behavioral task

behavioral1

Sample

FnRtvAimbot.exe

Resource

win10v2004-20231215-en

spyware stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  FnRtvAimbot.exe
- Size
  
  15.9MB
- MD5
  
  5b9b2a39d8413e9e4cc0e1351aff3659
- SHA1
  
  b8d73472ac3934134eb49ad02923369774aa1ebc
- SHA256
  
  fb4dc6f64b69baf75b3e8a5caf31a0839e16e2f8e8aebb0e55023559c412c1a4
- SHA512
  
  1f99dd36eec3615b338144c6e8ad2d2282076b7e8ca7df65094e3232223cd80a23efa369c346c58e3544515e6b7fb7cb4ad253e00064b949958ec6c9f750e483
- SSDEEP
  
  393216:UXGD2ntpUTLfhJsW+eGQRCMTozGxu8C0ibfz6e57R1bmXiWCNI:U2DaHUTLJSW+e5RLoztZ026e5TFVNI
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

pyinstallercrealstealer

behavioral1

© 2018-2025

Terms | Privacy