crealstealer | 0e74ad9b6f3e77c13cc818d7151403d85ed94d669157150ffe97d8d889c14b72 | Triage

Sharing

General

Target

soan.exe
Size

17.9MB
Sample

240201-hb21pafcfk
MD5

635d67c69491f54b4eb2023bda710e40
SHA1

ba804971c0157a44976eb6f68807cea229003219
SHA256

0e74ad9b6f3e77c13cc818d7151403d85ed94d669157150ffe97d8d889c14b72
SHA512

46fdac407f01d9f1f3c444a2a1a47ce7a39fe60fb56044bcedd6f593c5f63a6ba8e5212973b6118031efd9b3afe824dabf600878e773bfe711ff971e0e668223
SSDEEP

393216:EqC2DlnfBfFZNRwSo67W+eGQRCMTozGxu8C0ibfz6eKk7M1bmXiWCNi:EcD1fBfFXR667W+e5RLoztZ026eKkiFi

Score

10^/10

crealstealer pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  soan.exe
- Size
  
  17.9MB
- MD5
  
  635d67c69491f54b4eb2023bda710e40
- SHA1
  
  ba804971c0157a44976eb6f68807cea229003219
- SHA256
  
  0e74ad9b6f3e77c13cc818d7151403d85ed94d669157150ffe97d8d889c14b72
- SHA512
  
  46fdac407f01d9f1f3c444a2a1a47ce7a39fe60fb56044bcedd6f593c5f63a6ba8e5212973b6118031efd9b3afe824dabf600878e773bfe711ff971e0e668223
- SSDEEP
  
  393216:EqC2DlnfBfFZNRwSo67W+eGQRCMTozGxu8C0ibfz6eKk7M1bmXiWCNi:EcD1fBfFXR667W+e5RLoztZ026eKkiFi
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2
- Target
  
  creal.pyc
- Size
  
  53KB
- MD5
  
  7c365f142ff15ab9662a4a21b4aa9efb
- SHA1
  
  c88c32070236f26f98175cc8cc24b0d973b41e42
- SHA256
  
  63434347837aeeca5032b77e84a30bebc3db89850110e0d28de864d46781d612
- SHA512
  
  f2fddbd832b1676118752749de7e9029546085adc930080b6fd0ddbe23f542b9040bce21471e3894971a8990fa367a9000e951538d12cd0dcef3f74987bfc3e3
- SSDEEP
  
  1536:2rEaqMamq3YwmQyLCipnml5ZOhLQmGwCo3gI:2w7MapmJpnDSoB
Score

3^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

pyinstallercrealstealer

behavioral1

behavioral2

behavioral3

behavioral4