crealstealer | c0308e2ea71ff40ce878556504ed644435ec61502bd5d01941ed632ccec029f9 | Triage

Sharing

General

Target

stealer.exe
Size

16.0MB
Sample

240210-y5sl4saa52
MD5

81da6189145c24816d35bf038845e753
SHA1

741dc8f77ff22f23450ab362054889828dfdbf3a
SHA256

c0308e2ea71ff40ce878556504ed644435ec61502bd5d01941ed632ccec029f9
SHA512

1dce39462761bff379360e3a80938bba27c7c429481fa476f54623f836f284f03dd692a4f846116ec27f4aaa5776698fb757affbd3d28e0befee3f6be1f8bf11
SSDEEP

393216:bEkZgf8iSNPG7NmiZoW1+TtIiFGuvB5IjWqn6eCz1kypRXiWCoaa:bRbioKEAl1QtIZS3ILn6ehyaVoaa

Score

10^/10

crealstealer pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  stealer.exe
- Size
  
  16.0MB
- MD5
  
  81da6189145c24816d35bf038845e753
- SHA1
  
  741dc8f77ff22f23450ab362054889828dfdbf3a
- SHA256
  
  c0308e2ea71ff40ce878556504ed644435ec61502bd5d01941ed632ccec029f9
- SHA512
  
  1dce39462761bff379360e3a80938bba27c7c429481fa476f54623f836f284f03dd692a4f846116ec27f4aaa5776698fb757affbd3d28e0befee3f6be1f8bf11
- SSDEEP
  
  393216:bEkZgf8iSNPG7NmiZoW1+TtIiFGuvB5IjWqn6eCz1kypRXiWCoaa:bRbioKEAl1QtIZS3ILn6ehyaVoaa
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2
- Target
  
  creal.pyc
- Size
  
  53KB
- MD5
  
  c4613570a264cabdb3dd3974fd525109
- SHA1
  
  e036095a3c1169350318b0e2c10bc925c5e18b34
- SHA256
  
  feac704a8d1ce23d48970088c2ff8f6a3e89b9ed2ba8f40ad9317db10256d135
- SHA512
  
  f4482d9afa76920a424bae58df763a49e63c32b2e37702fc9ea094944e600af26a1c3f27db750f752362e2417f19bea014f7e58108d6226f130ee5adeac1620d
- SSDEEP
  
  1536:2rhaqMamq3YwmQyLCipnml5ZOhLQmGwCo3gI:2l7MapmJpnDSoB
Score

3^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

pyinstallercrealstealer

behavioral1

behavioral2

behavioral3

behavioral4