crealstealer | f6200c2c6a783b91beda7c166c26e6f0755dec715dab2cac71cf102c9242892f | Triage

Resubmissions

03-02-2024 17:04

240203-vlj9vagdgl 10

03-02-2024 16:59

240203-vhgdsaead8 10

Sharing

General

Target

imglogger.exe
Size

15.1MB
Sample

240203-vlj9vagdgl
MD5

f7885f6eb7f24c705673b2bc636aa37f
SHA1

30495fb2a2415a39e6cd42198d1281cbc0f85f1a
SHA256

f6200c2c6a783b91beda7c166c26e6f0755dec715dab2cac71cf102c9242892f
SHA512

bd2c356824f56164b17649fdc5cba30047359dbb4696b1c458e671a90573463fd636d1826d3c7bf78943b75c0ceaf8e320d6f385dde97c055f849c99ecbcf49f
SSDEEP

393216:U3iIE7YopTRk3meCcGfdYYM0G9bYXN9kIEuBUrfzA3/:T7rRRaY5FYYFWcXLh+zzAP

Score

10^/10

crealstealer pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  imglogger.exe
- Size
  
  15.1MB
- MD5
  
  f7885f6eb7f24c705673b2bc636aa37f
- SHA1
  
  30495fb2a2415a39e6cd42198d1281cbc0f85f1a
- SHA256
  
  f6200c2c6a783b91beda7c166c26e6f0755dec715dab2cac71cf102c9242892f
- SHA512
  
  bd2c356824f56164b17649fdc5cba30047359dbb4696b1c458e671a90573463fd636d1826d3c7bf78943b75c0ceaf8e320d6f385dde97c055f849c99ecbcf49f
- SSDEEP
  
  393216:U3iIE7YopTRk3meCcGfdYYM0G9bYXN9kIEuBUrfzA3/:T7rRRaY5FYYFWcXLh+zzAP
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2
- Target
  
  creal.pyc
- Size
  
  60KB
- MD5
  
  dbc1ea3b8b872403eeef5fe8f1a57d47
- SHA1
  
  1c6f04b0af1e60be1bbd847e31c7a0f3e07a6e75
- SHA256
  
  be4bb432a30d02dd360e644edd6572091fb942450948c0cab503d35d4ea105a2
- SHA512
  
  c04dbb375d897a4eb411b1ef36bdb902f9f0924afa8bf757d145624665e8f8612c2764e3df9854dd3bdd4305cca707cf6a850bb413d34927aaa027a68363e011
- SSDEEP
  
  1536:ur/r+5Ixj33TRdOuamKbe9u6G4133Jbd/:u3+5IxbXasuN4133j
Score

3^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

pyinstallercrealstealer

behavioral1

behavioral2

behavioral3

behavioral4