crealstealer | 2f0938d6bd9306b7bd6b7a1367503c3c00206da7975d3e95ab2b1f39366e0234 | Triage

Resubmissions

15-04-2024 19:47

240415-yhvsysee92 10

11-02-2024 21:53

240211-1rtncsbh6y 10

11-02-2024 16:00

240211-tf4wmahe8s 10

Sharing

General

Target

Tools.bat
Size

14.3MB
Sample

240211-tf4wmahe8s
MD5

5e17678827dab1a21e00558406819f23
SHA1

640c6b18840eda6b89f0fef1b890e672df61658b
SHA256

2f0938d6bd9306b7bd6b7a1367503c3c00206da7975d3e95ab2b1f39366e0234
SHA512

f228a7c2bfb5248ec5dd35dcfc1ba29ab8c86458f9fa467d3d5acd55547c408640c2bf5dc2c3df3bcdc93c80700676003bd2bf4a5278b512510655a6562d1aba
SSDEEP

393216:uu7L/sQs+SyzdInEroXF14S2rn8h+1AcYBf6B/:uCL0QdSyCErU8Lj1A16

Score

10^/10

crealstealer pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  Tools.bat
- Size
  
  14.3MB
- MD5
  
  5e17678827dab1a21e00558406819f23
- SHA1
  
  640c6b18840eda6b89f0fef1b890e672df61658b
- SHA256
  
  2f0938d6bd9306b7bd6b7a1367503c3c00206da7975d3e95ab2b1f39366e0234
- SHA512
  
  f228a7c2bfb5248ec5dd35dcfc1ba29ab8c86458f9fa467d3d5acd55547c408640c2bf5dc2c3df3bcdc93c80700676003bd2bf4a5278b512510655a6562d1aba
- SSDEEP
  
  393216:uu7L/sQs+SyzdInEroXF14S2rn8h+1AcYBf6B/:uCL0QdSyCErU8Lj1A16
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2
- Target
  
  creal.pyc
- Size
  
  32KB
- MD5
  
  651717bdcddac421fd3ffa1e23f14ece
- SHA1
  
  3074d6ad6c2cbce00a9de2307d1664d80d890c39
- SHA256
  
  18c562fc51a4b30bca6aeca0e07bd3455b0aab96441dea4be498051783bd80b2
- SHA512
  
  1c35e2905a026f7eda5dc7675967c7b41ca055f3efe9eb89d5f152160f3bb4165286adad16fcda72834bb684b10627824dfda3187e03990f3703d9d2943dfd9e
- SSDEEP
  
  768:L8Dnr72VsfNEiyGuAfKFMrRtfqtvEwS7bnjerAroaHjsIAcn8YC06X:IjrveZaKFcfDwS7fuPc8YD6X
Score

3^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

pyinstallercrealstealer

behavioral1

behavioral2

behavioral3

behavioral4