crealstealer | 8a0b8137278ad2cb6dc352a96f8ade5724a595dcb777432e6c8f078d70f3f718 | Triage

Submit
Reports

Overview

overview

Static

static

VapeV4Crac...ed.exe

windows7-x64

7

VapeV4Crac...ed.exe

windows10-2004-x64

7

Sharing

General

Target

VapeV4Cracked.zip
Size

13.4MB
Sample

240215-wf3pnsdc87
MD5

0262f671d77f99c84a6a1c557d92f965
SHA1

0a4fa8e57efb4467b180ad7d247d8826ab1c5ca5
SHA256

8a0b8137278ad2cb6dc352a96f8ade5724a595dcb777432e6c8f078d70f3f718
SHA512

91d745030e7f201588e1f94e605ff108defcd8fa374158c1f9a7acb6864ec7342f621932a0628550859079e465710831a97b80803538923f37a31e6fa9d46114
SSDEEP

393216:GNEJbxo01YllinmctxwYj0o1F0Ol6w8ujuFX2Ud2Uq:GyFxv1elindHwvoL0M6wLITdhq

Score

10^/10

crealstealer pyinstaller spyware stealer

Static task

static1

pyinstaller crealstealer

4 signatures

Behavioral task

behavioral1

Sample

VapeV4Cracked/VapeV4Cracked.exe

Resource

win7-20231215-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

VapeV4Cracked/VapeV4Cracked.exe

Resource

win10v2004-20231215-en

spyware stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  VapeV4Cracked/VapeV4Cracked.exe
- Size
  
  13.6MB
- MD5
  
  a3c081e2912080dfdc6a9c981530b6f0
- SHA1
  
  4eeb04ea61ff6b829b8b52952d68584a1cdb6e69
- SHA256
  
  38ae76715fa9a566a0e74f682b7dd9f588b54b263bea369429be49848ff0422c
- SHA512
  
  c16e60520245030f3cb3f52266bf20295c2f020bebdc2416e51b0db87d931069e02b3c5f5a92bc83316136767eb055066bc8c34be8cf2a7061841be2cb64f291
- SSDEEP
  
  393216:/niIE7Yo5D2nwW+eGQRIMTozGxu8C0ibfz6e57K1bmXdWCNx+:/87r5DawW+e5R5oztZ026e5IkVN4
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

pyinstallercrealstealer

behavioral1

behavioral2

© 2018-2025

Terms | Privacy