crealstealer | d3ff84dfc1f23d3d2016cabf1149038c97f4651c6f6d75181a43a432d8e86afd | Triage

Sharing

General

Target

SnapHacker.zip
Size

13.6MB
Sample

240222-2km3nsgd95
MD5

4f7fcdb46fb294597874c80693a97fd0
SHA1

045f79a71513c59d618e25b1d115fe720c3b695d
SHA256

d3ff84dfc1f23d3d2016cabf1149038c97f4651c6f6d75181a43a432d8e86afd
SHA512

1409fb850af7f5df6390fd8b367fa844dd90984a68bc5774e2305601fa924ea14608a5885931503b2df09d101aac876eaead1fb8374552f2a6d93eed05a163e3
SSDEEP

393216:Xtg6ivGICSRv1D84DH8Q6NBKuvn04fNQiUhn/CptGkZ2CX:YvLCSrD84rD6ye0ENQiUdqbZDX

Score

10^/10

crealstealer pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  SnapHacker.zip
- Size
  
  13.6MB
- MD5
  
  4f7fcdb46fb294597874c80693a97fd0
- SHA1
  
  045f79a71513c59d618e25b1d115fe720c3b695d
- SHA256
  
  d3ff84dfc1f23d3d2016cabf1149038c97f4651c6f6d75181a43a432d8e86afd
- SHA512
  
  1409fb850af7f5df6390fd8b367fa844dd90984a68bc5774e2305601fa924ea14608a5885931503b2df09d101aac876eaead1fb8374552f2a6d93eed05a163e3
- SSDEEP
  
  393216:Xtg6ivGICSRv1D84DH8Q6NBKuvn04fNQiUhn/CptGkZ2CX:YvLCSrD84rD6ye0ENQiUdqbZDX
Score

1^/10
behavioral1
- Target
  
  SnapHacker/How does it work.txt
- Size
  
  221B
- MD5
  
  d0fabe81993f2401f2acdd2e6c9463e6
- SHA1
  
  944164a1d3c029f9c20d680353f3fe7a9178697a
- SHA256
  
  c7bf7bcfd0f5d50d2f6db0bb38ee0e8fdd88144c0a1fca3dc02a4c28a2a47d30
- SHA512
  
  c9676278d2aab6ae59c8c5ed7639d5caafa5571a428ed838fe1583dd70e093439bc58ac96508c743595c672205ef6c7054672874bce1cb0c10696ab21cab4d5e
Score

1^/10
behavioral2
- Target
  
  SnapHacker/snaphack.exe
- Size
  
  13.8MB
- MD5
  
  06f5caf0ddf8b1e3033d83d358d97631
- SHA1
  
  9f867ea09185e9159cb91cd9aac8af7c2e525fd8
- SHA256
  
  a69d061a91d9c159b957e89ee547c285e803030e40d9ab8f9a0d8ec88bf95559
- SHA512
  
  74a4ba7f1a2475c4be1e6d3f2f3bf537f15a995485b1260f3d65eb8b0ca9c4b86d8fcdaad15dc8bb2dc250bdd4599387a727089a422bd11e6c6034acf01c16cd
- SSDEEP
  
  393216:riIE7Yo5D2nwW+eGQRIMTozGxu8C0ibfz6e57F1bmXdWCNx+:Y7r5DawW+e5R5oztZ026e5XkVN4
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral3
- Target
  
  Creal.pyc
- Size
  
  334KB
- MD5
  
  24e2d00223b3cb446e2c493fdd162a38
- SHA1
  
  3c945e57d7d86414ff0d939c389e4f4f60d675f9
- SHA256
  
  e4c4f00f98561a5b6582473a0af94f70a042a3940203b902a81c89c636e4da65
- SHA512
  
  dd6c173c41bd82107fdb94b967f99fb70cadb922e34959733a9c907e685f770589d17b7e5a8b139818ee4d4cd89e64a7f106ba7364c466c14a6c58301922df52
- SSDEEP
  
  3072:cg7MaNdUcd6rQ5Ap9ypIAXJzYmfiTNh3zDv80R4KTEI2EBqdb27kEXSb:MQUg605ApAzYmfiTNh3zDv8GT72EBEOi
Score

3^/10
behavioral4
- Target
  
  SnapHacker/start.txt
- Size
  
  18B
- MD5
  
  65b2307799bee494f3ff9637080aadae
- SHA1
  
  f6330c68d7ec373e4a74503bbfee3716fbed8e7a
- SHA256
  
  07bd5e49efecedec7cb293a89d061f6e04c5f9f1083082a23d59fbba995d6f74
- SHA512
  
  0af9bcd013dcf3d0c0cca8161eaeb3af3f193f8b6893ab00b7d3c84077e1c4a4fe93579b0329ad501ff4b0e7eda2d5f4d881008d2094eb595b44ef17b0685376
Score

1^/10
behavioral5

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

pyinstallercrealstealer

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5