crealstealer | 8a714538823fc5e4cdbec6114c6d30fe3ab2eb2b557b81de4c59e073c85aa765

General

Target

NSFW_Generator.zip
Size

13.6MB
Sample

240222-2m5eqsge59
MD5

13d393059d3aad115b1119cdb7389a32
SHA1

bc7c89aacacdf0027e6274312dd0f4f4ee5d21c4
SHA256

8a714538823fc5e4cdbec6114c6d30fe3ab2eb2b557b81de4c59e073c85aa765
SHA512

6eb50b0ea1ead56752da0d569e6a0ebffa69d8693675084522800ecce6754952d590f5179bc087b340ba935ebffcd214d961f9a2b30891cf812f6d1537ede2b9
SSDEEP

393216:+ntaFcUCtjef0WtDLC3nz4zJFCU0+sSqHF3cVGhF4FvGsc:q8FXCtw0Wtaj4Pr0HSqH6AQvFc

Score

10^/10

Malware Config

Targets

- Target
  
  NSFW_Generator.zip
- Size
  
  13.6MB
- MD5
  
  13d393059d3aad115b1119cdb7389a32
- SHA1
  
  bc7c89aacacdf0027e6274312dd0f4f4ee5d21c4
- SHA256
  
  8a714538823fc5e4cdbec6114c6d30fe3ab2eb2b557b81de4c59e073c85aa765
- SHA512
  
  6eb50b0ea1ead56752da0d569e6a0ebffa69d8693675084522800ecce6754952d590f5179bc087b340ba935ebffcd214d961f9a2b30891cf812f6d1537ede2b9
- SSDEEP
  
  393216:+ntaFcUCtjef0WtDLC3nz4zJFCU0+sSqHF3cVGhF4FvGsc:q8FXCtw0Wtaj4Pr0HSqH6AQvFc
Score

1^/10
behavioral1
- Target
  
  NSFW Generator/How does it work.txt
- Size
  
  302B
- MD5
  
  5fc9f96775dda8c5d492c3dd42955659
- SHA1
  
  0492a9b76597683fb11c660ec97d5e92830cce06
- SHA256
  
  bd7a81f2b6eaa326db8d17d410424c70bf2eb9f9b49db9bf4a3a5fcea77660d8
- SHA512
  
  c82b9f414cac6c1473b46a2ae85be56cc9c5fcb8f10a2380c90bf1a04c78c76528334421ebf1820b4bf5d1a671f50900daffa2854a909e1154196bd0b692cf49
Score

1^/10
behavioral2
- Target
  
  NSFW Generator/NSFWGEN.exe
- Size
  
  13.8MB
- MD5
  
  638d136547ece9e4f282d62aa6562a07
- SHA1
  
  19ba1d25332fac7c3fe7bf0eae2ad3520fded5db
- SHA256
  
  d7407d5dd0dca80aa9798ff6aaa10635474feab533b7e6db87d759abf69f1ee8
- SHA512
  
  e1c2f4a6ffff124c5a7cece7a48be026f1098708376f3e03d46f2e8a0f35e05d223da05b78ef3417422d62ce9feaa137241b0f879b731f63b2c1cbaafebc3323
- SSDEEP
  
  393216:hiIE7Yo5D2nwW+eGQRIMTozGxu8C0ibfz6e57F1bmXdWCNx+:O7r5DawW+e5R5oztZ026e5XkVN4
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral3
- Target
  
  Creal.pyc
- Size
  
  397KB
- MD5
  
  7bf34bc63c944b81516226e9ed996cf3
- SHA1
  
  23eb0ff3f0a315c5a81095d135537984a39ff5a7
- SHA256
  
  b88747a93c42675aafb603b1df42aadd5d3768ea21019cde2049c6031598da54
- SHA512
  
  d9915cc8f54443e381a924c5b9ce1e7ed5eb45ed898482cc549281fad61624d8b8ed250093262b6c3a731c63c9d2149ef38ae20ee212157a79ecea875b0f15ee
- SSDEEP
  
  6144:fQUg605ApAzYmfiTNh3zDv8GT72EBEO35rNx0E:oUg6nAUmfiTNh3zDv8GOLA5WE
Score

3^/10
behavioral4
- Target
  
  NSFW Generator/start.bat
- Size
  
  17B
- MD5
  
  7832b275978713ff3c40544308894cda
- SHA1
  
  981608258b7ca6860bc90981321716d167884302
- SHA256
  
  fa52f3a6d700af1047bd644f48985baa147256b612cc0751968cc3e0715c69c1
- SHA512
  
  d77c0216f1a4e7dae6b417c3c1e3339fce4cf30b112dc8251011ebb82ad489b2366e71699323af14e72c96a4793fc5bb86a22b6bb723d2302cf5e6712a3cac85
Score

7^/10

spyware
- Drops startup file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral5