crealstealer | d76259ee1a43f8fd4dffdb76c4b58ae9f476c36871af0c9e9ceb335cf8a758d9 | Triage

Submit
Reports

Overview

overview

Static

static

yeno assist.exe

windows7-x64

7

yeno assist.exe

windows10-2004-x64

7

Sharing

General

Target

yeno.rar
Size

12.9MB
Sample

240207-1v63vsbeh6
MD5

1063f6fa94832e40cf159577b2606c79
SHA1

db242c2b3232409d571d49c8b931e75037662215
SHA256

d76259ee1a43f8fd4dffdb76c4b58ae9f476c36871af0c9e9ceb335cf8a758d9
SHA512

e8aa66d81fa39412ff07d70a91f34f18c9af8e8abe363d3e98bd5eba63475044dcbf7e3e34388b688267809c6204b411889248abd150b74ebe073a56c6f28502
SSDEEP

393216:8uwrZG3uvXsClfhCxxHZGFS1L1NWnPs8r5F:/Qw+UClJEHZGFS1LgEC5F

Score

10^/10

crealstealer pyinstaller spyware stealer

Static task

static1

pyinstaller crealstealer

4 signatures

Behavioral task

behavioral1

Sample

yeno assist.exe

Resource

win7-20231129-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

yeno assist.exe

Resource

win10v2004-20231222-en

spyware stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  yeno assist.exe
- Size
  
  13.2MB
- MD5
  
  9bb8716c630c824e776fedf1d0d876f6
- SHA1
  
  e57c91850425b04c38e48bd1d05846db2c0ff9b9
- SHA256
  
  292468b8c0085a821e1546c601f41ff55505af5b5ecf09383964e8a558ac6d51
- SHA512
  
  dd492a937b5e5391446b8220621b5be7f3b4295264e7a6c8f3caf24d3d58511244c0e52722b67e33992185963940c5c924874b6566adc9fb96546fcb7eec615a
- SSDEEP
  
  393216:DEkMD2nwW+eGQRIMTozGxu8C0ibfz6e57Q1bmXiWCUI:DUDawW+e5R5oztZ026e5uFVUI
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

pyinstallercrealstealer

behavioral1

behavioral2

© 2018-2025

Terms | Privacy