crealstealer | d76259ee1a43f8fd4dffdb76c4b58ae9f476c36871af0c9e9ceb335cf8a758d9 | Triage

Sharing

General

Target

yeno.rar
Size

12.9MB
Sample

240207-2p8j6sbc57
MD5

1063f6fa94832e40cf159577b2606c79
SHA1

db242c2b3232409d571d49c8b931e75037662215
SHA256

d76259ee1a43f8fd4dffdb76c4b58ae9f476c36871af0c9e9ceb335cf8a758d9
SHA512

e8aa66d81fa39412ff07d70a91f34f18c9af8e8abe363d3e98bd5eba63475044dcbf7e3e34388b688267809c6204b411889248abd150b74ebe073a56c6f28502
SSDEEP

393216:8uwrZG3uvXsClfhCxxHZGFS1L1NWnPs8r5F:/Qw+UClJEHZGFS1LgEC5F

Score

10^/10

crealstealer pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  yeno assist.exe
- Size
  
  13.2MB
- MD5
  
  9bb8716c630c824e776fedf1d0d876f6
- SHA1
  
  e57c91850425b04c38e48bd1d05846db2c0ff9b9
- SHA256
  
  292468b8c0085a821e1546c601f41ff55505af5b5ecf09383964e8a558ac6d51
- SHA512
  
  dd492a937b5e5391446b8220621b5be7f3b4295264e7a6c8f3caf24d3d58511244c0e52722b67e33992185963940c5c924874b6566adc9fb96546fcb7eec615a
- SSDEEP
  
  393216:DEkMD2nwW+eGQRIMTozGxu8C0ibfz6e57Q1bmXiWCUI:DUDawW+e5R5oztZ026e5uFVUI
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2
- Target
  
  creal.pyc
- Size
  
  53KB
- MD5
  
  d57cf76bc9d4158773bd335fc1ca207e
- SHA1
  
  d69be95135b1028fb6fb3043854fa94a5a97cf29
- SHA256
  
  b18befb3044fe1773846c72752ff0dd63aeb02b231972d94d23018fc51d1db9f
- SHA512
  
  082a46834c0811005073a522d26384a8bb215dfc3e5348c419deb3e2fdafde0ede57e309ee0d09fc1735273499dbfc78faa5f18981ebeea998773df40685da8b
- SSDEEP
  
  1536:2raaqMamq3YwmQyLCipnml5ZOhLQmGwCo3gX:2u7MapmJpnDSou
Score

3^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

pyinstallercrealstealer

behavioral1

behavioral2

behavioral3

behavioral4