crealstealer | 18d50f05499e3311fa811582868c234924fef1e271586bdaac4403856f125ab5 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

gang nuker.py

windows10-1703-x64

8

Sharing

General

Target

gang_nuker.rar
Size

4.9MB
Sample

240203-a9bx6adbd7
MD5

0d7957770cd15c725105e09e1ef522d3
SHA1

6a4c71f13a3c9f845f32fb0aca07f2f85df40710
SHA256

18d50f05499e3311fa811582868c234924fef1e271586bdaac4403856f125ab5
SHA512

2265ebb6de6b6348ddd8ac2e44bce4c4514a95dfee1494f19497c8fa8cd623811205750371a9e7aa003c00224f80ce70ac9c9e0eed0b312a110773276373ebed
SSDEEP

98304:p2gd+32VFWXpu/cbpuTeyTBXFWs0DLOPXi4c0nHylzHAq7+Ans3rM:pdIaMu8dyTBXa+ncdzHAq7+z7M

Score

10^/10

crealstealer discovery persistence

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

gang nuker.py

Resource

win10-20231215-en

discovery persistence

windows10-1703-x64

21 signatures

150 seconds

Malware Config

Targets

- Target
  
  gang nuker.py
- Size
  
  11.1MB
- MD5
  
  1c80ffbc9ec6f4b94e97c0061d4c5311
- SHA1
  
  199d4102b3203c5e2866bd636e7c7f5e1f22c6a4
- SHA256
  
  b71d0426e720edd06a7fde5bf5614cc47ee4051ed26e074c2c82adf360af21a4
- SHA512
  
  5c4eac83f48c4b435b1fdbbd9ec638443dc0d0ad0a1907731730f57ac0e2cf6129898f0f620e163fdedf5e0ab894eef10e02a17c152eca3ad350ef4646d9455b
- SSDEEP
  
  12288:V2+8gwhNesLEuVNFXS1y8XAyr3NHwDbnPu3euBvMA3ntJMl/M6p2lMG3:FjwhN1EkNN69dHUbPLudT3B6W
Score

8^/10

discovery persistence
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.