crealstealer | e501bb0f2315d61eddbe2d93bc7a31cb63098ed4e7aad3adb2e46fa089756460

Sharing

Copy URL

Twitter E-mail

General

Target

OURTanks_setup.rar
Size

16.2MB
Sample

240222-razcvaba62
MD5

0d326b9b771ddbf9014a5aaca99f1d6e
SHA1

da2ec3dbcae8547d69f00987d3e0dcadc951c7a5
SHA256

e501bb0f2315d61eddbe2d93bc7a31cb63098ed4e7aad3adb2e46fa089756460
SHA512

5dfabf5231738dc66d7229f807efe30152029dbfb119794204f6baebbeeb9c0fe78482779ff586345517e90987f3d2344d087bd87af9336b0c07ae9c7cbd11d1
SSDEEP

393216:suvMuK5U0/efCDlfm5uDNgDoD8ux7FIVwfjHRqklgL/2:GdhMCDlfYuWDZ9VGq52

Score

10^/10

Malware Config

Targets

- Target
  
  OURTanks_setup/__pycache__/Xvirus.cpython-312.pyc
- Size
  
  16KB
- MD5
  
  beb75c9eae82e7d19d4338a1d484a67b
- SHA1
  
  822375b853757480ee8c92cf0efda89d33651af8
- SHA256
  
  13608588418d7cf044f2dfef57e10f276422dca41c75687709fc78501a2096e0
- SHA512
  
  f106c26d08ab61fd783e7393bd068d7b7cc4b9fe303f6794d8691286f55e583bcfe5a368209f384dc737fb3fe390594c4e9dc7dc44b53256b21e89cd17891c24
- SSDEEP
  
  192:4EX+Kefggw3VMiJUD2Tml1WjmjK1/xFIr5/DTSkOH7xRT4jR8Wex7MLk:rFkggwr7xRT4OPCk
Score

3^/10
behavioral1 behavioral2
- Target
  
  OURTanks_setup/luncher.exe
- Size
  
  16.5MB
- MD5
  
  b5ced81b5e813002db6506ed957a1e91
- SHA1
  
  d88be246d9584ac0db08d7c823f8e921260a6af9
- SHA256
  
  6aed2932cd52d5e9db74c5a2dbcc4560e21bbdcc4b2f2d8b1a7340c58b42e2ae
- SHA512
  
  38d26e02f29c06fb8978274120602896e231fb2bb8312facdff2a57c4ccf9d2f3582e650ff2b761454bfb7106dab7284e85b536cca71ec3ea9beadafb26f156b
- SSDEEP
  
  393216:6Ek4gf8gySo03kiJoX1+TtIiFGuvB5IjWqn6eCz1Rf9XHWHSSD:6wbgto03kiuX1QtIZS3ILn6ewf1aSSD
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral3 behavioral4
- Target
  
  OURTanks_setup/util/__init__.py
- Size
  
  702B
- MD5
  
  d315dafea7a144be416a544d993f1f21
- SHA1
  
  b3ce60f1e5818d7f06ad31ed5ab615633808d2ec
- SHA256
  
  7e6f34bc5a3d996efbf6e105ebc3d437af888a389c6b6034128b566ebaeb12a3
- SHA512
  
  e701514bf9c5430b654cccd39049acda7e6fa6bd1a95ece193741ecc35ba2d9747eaad097e2501430aa2037fec23c2f740d08d71763c138f6384d7432f94a208
Score

3^/10
behavioral5 behavioral6
- Target
  
  OURTanks_setup/util/__pycache__/__init__.cpython-312.pyc
- Size
  
  837B
- MD5
  
  c8b64591d4e68e0551bed7e0f9d714d9
- SHA1
  
  74f7b3959fa0426b6525a8b7f9fc1784f89cf5d8
- SHA256
  
  3d8a1974483dbe3cefdb7216e935e578028949d4097ec5ead1ffaf59b7ff0e68
- SHA512
  
  56f2a5ccb71e94f79ac3973806135c6e40fd89d64db4c2b697d38bd382eb312e6fae7fb57be81ea8e498b90258fb5fd425f622d742a4bb58993283fd99b83bdc
Score

3^/10
behavioral7 behavioral8
- Target
  
  OURTanks_setup/util/options/__pycache__/bypass_rules.cpython-312.pyc
- Size
  
  1KB
- MD5
  
  9ef1b0ba1a0f21fd8e890ce05505d3db
- SHA1
  
  3e06fd3b437cfecf12873cfff25851d4a75a76e1
- SHA256
  
  cc4609b3f51e9f723d7c6c649a332b5fec0e755a89bd4be685835a8de985d5af
- SHA512
  
  ee32a4b4b427eecd4af7919f355acadb4e769bd46c5f4019095c5bca21bac3808d0c0dceffb406bfe0a4ee69df3ba86eb9dfd9d0c166f3c6c1c79c4cc44a49ed
Score

3^/10
behavioral10 behavioral9
- Target
  
  OURTanks_setup/util/options/__pycache__/channel_spammer.cpython-312.pyc
- Size
  
  8KB
- MD5
  
  f7c9285204e0a031610fbaed495242b4
- SHA1
  
  aa98d9dd0792922b91e0faeaed6a8201000a75c1
- SHA256
  
  78806af117b7857c94940b705798ff9b79f7764ab1e9a134a78d49b20a0b51ef
- SHA512
  
  6a40c253e3494ad6572e6adfbe280c45d7440afe4c642091c7d73461f5fb9e8edf0410a8d96a345586aa6d5fc8e74f2cf5c74745af9c6c6e09e152c05c1aaf4c
- SSDEEP
  
  96:DcpXmf1OVvmN9D7kbzncFjUlX6SFrGwlqFAhgf62:kXmf1OUz2KolXJHUFA2f62
Score

3^/10
behavioral11 behavioral12
- Target
  
  OURTanks_setup/util/options/__pycache__/hypesquad_changer.cpython-312.pyc
- Size
  
  1KB
- MD5
  
  f1df7fb409caf9a9b7c42b31fecc71a5
- SHA1
  
  a86e672751e8acf12eb9344771c62c575658fc1c
- SHA256
  
  18c129298800ea31f0f40dc2d7087df245a310a550fab79e65c88aa144c99735
- SHA512
  
  62d03f1f23da0aeeb90af294d34e470ad7ccc0f8b75fc587fafad8ff14bb38893a5d403d9b3e7a4b72c8961c842328ef8cf663333e564dd80475fbccfe9770e9
Score

3^/10
behavioral13 behavioral14
- Target
  
  OURTanks_setup/util/options/__pycache__/mass_report.cpython-312.pyc
- Size
  
  1KB
- MD5
  
  cdbd1baee2bff8077ad0b5745ad6a388
- SHA1
  
  cb55c028ed06f401efcc7df714d355b320c1b417
- SHA256
  
  62aa1bb2d2bb8cd78da6d637a66d7cb95bad207d54f19dde660f85b929d81554
- SHA512
  
  1ffa6fb064097dd13e3155cde56c5fb6a09797d2d14e3c6e6b201f124c36a3a3c9d7b86bfe4d2ab65c7736c876ebfc808971253a24ca5a50446dc3453607e1b4
Score

3^/10
behavioral15 behavioral16
- Target
  
  OURTanks_setup/util/options/__pycache__/soundboard_spammer.cpython-312.pyc
- Size
  
  2KB
- MD5
  
  049db9ca97a83a2f5b45e08982078951
- SHA1
  
  85508549e3aea7f7acd7e9bd9527c5ac336d754c
- SHA256
  
  5817ddd8c25aa8816819e6ccb3f881a3058b741d875852c9735e39550d9eda39
- SHA512
  
  dde7518373431f8907a40bc24e4a39b8ff70fdbb9db236c17fe378c9584f0e07b5f78596845a27896e66bc8d62b27b51ca56f9c5f5c9dd3ab2bdea4850dbfd76
Score

3^/10
behavioral17 behavioral18
- Target
  
  OURTanks_setup/util/options/__pycache__/token_bio_changer.cpython-312.pyc
- Size
  
  1KB
- MD5
  
  a6e1f806cff896c1e9299045c49bea4d
- SHA1
  
  f7f53607d50ac77de781b3ba86c7d6f1672704f0
- SHA256
  
  cfd2ea4fd4bc16750e8cbff7b4a5bad6e2a784b20a60f4ac7c0af8adeaee93de
- SHA512
  
  926d9ce5a5aa3fdfaa5bc4f0a6bf294f625af668cca35549cb8b9a891a377443695e69d7e16635da257d29b22b1f5ca2392a9ccd5a5f47dd7964f395b3cdb02a
Score

3^/10
behavioral19 behavioral20
- Target
  
  OURTanks_setup/util/options/__pycache__/token_checker.cpython-312.pyc
- Size
  
  4KB
- MD5
  
  d2e05ef232dd57c7a4a1cb68945626b7
- SHA1
  
  74e0e8be8324e6514af5258f8a120e8adf216bb2
- SHA256
  
  cfc94bcb6ed63782a76c686c22d7afe19906fb30145cc0f73bfa53b97f9f4286
- SHA512
  
  bff05b0569893b8a460e20f7df6a5fa049849347b5e6a0d5b91e77560a31deafee86ff757f873d20935cc78ab82dd004acfae715f2be3c213d102f31a956a21d
- SSDEEP
  
  48:0SLu0U/5ARe/Y3dBdwf8KDhIEjPRIdfEb+n7HEqh5PNA659GPwt5fSJYaJL2TOhx:RuLse/Cb+pJJ/Cn7kqVjLfP+SqhsG
Score

3^/10
behavioral21 behavioral22
- Target
  
  OURTanks_setup/util/options/__pycache__/token_global_nicker.cpython-312.pyc
- Size
  
  1KB
- MD5
  
  b5ae85d31dfd221f72d18250d01ee270
- SHA1
  
  4b760d29248f2819505d51f9c140b2d40409b1e2
- SHA256
  
  1daeefa98f66ac1312fde4764b2896e423d9e1239ce3d06acd1f7846dd918872
- SHA512
  
  7ffcef3b6166946e9f14832532393e1fad82082df53af5dcad0249390c60aff7a035a7703080ca45aca583e20135ade5845e2da6e963773324ee7ece31349432
Score

3^/10
behavioral23 behavioral24
- Target
  
  OURTanks_setup/util/options/__pycache__/token_joiner.cpython-312.pyc
- Size
  
  1KB
- MD5
  
  e0a931c9910e3c2040f2726eeed34fbe
- SHA1
  
  9e7c2dd8c871500724348a613ce07bdd67a1bdbd
- SHA256
  
  f208b017d6ac8611c21765f6bb815efba2371d6db4663c474638371b28cd8d9b
- SHA512
  
  a7bc6b918641355526f58f233e1cac8ce7b3f0ae9554b2c776141eadc054fee0846edad301a857626841cdb4689bfd7542e3f319e79b11b99ee2d4160ce4d74f
Score

3^/10
behavioral25 behavioral26
- Target
  
  OURTanks_setup/util/options/__pycache__/token_leaver.cpython-312.pyc
- Size
  
  1KB
- MD5
  
  d4fc3628d46ad144713a742fa4f9df35
- SHA1
  
  c9d491896dfff42460600084b3b960ed616c6997
- SHA256
  
  6cb7f7efe67f7205ae622557bfc812980bdec3472c5cc9f73ee1badb7306087a
- SHA512
  
  bfe902a7eee3991ad402df61e70e978a3ca82c3f6533985f5f2e8ced9bab380054d0efb25c67581f5ef114b950bad6cfa6447dcd249bbcc2ab144f46f3d8546b
Score

3^/10
behavioral27 behavioral28
- Target
  
  OURTanks_setup/util/options/__pycache__/token_pron_changer.cpython-312.pyc
- Size
  
  2KB
- MD5
  
  4467e2d984dd541ed78ccbc53fcfaf73
- SHA1
  
  42e39dc56041b89e8249a4fcb43ebbb6fedf61db
- SHA256
  
  270f5bc168ad83dac173c96fed8158d5655fd468c96d2485ae18986779d77a0f
- SHA512
  
  96d7603a99c8f560d4be98237dc1133a0adb94c26538e9e366642600dcef7220963def117ce8c5d781742b98b2903e32e17c78b0f2c7fa2b287e39ff0e09b796
Score

3^/10
behavioral29 behavioral30
- Target
  
  OURTanks_setup/util/options/__pycache__/token_saver.cpython-312.pyc
- Size
  
  6KB
- MD5
  
  690ad92cfcfde113e8377cd06538f4be
- SHA1
  
  472d8ec23ffc5efcd53afc882340047dfba473e5
- SHA256
  
  27ecc38d568c23e5774eb9ca5195ce5b60193f489dc0b565958051570099dce0
- SHA512
  
  436d64987d4353c3351a66eb6edfa17ad3e2282614758949e12b94dcd28b1d3f5216576161fad18ab2607236f6f7498c08502629620a890bcacdea372c07b2e9
- SSDEEP
  
  96:NH1lrT3yVoeaoOdeRR1A/RBkqSC7YWfP+aqr6swtL:tfTkS/Hk3rWX5qr/c
Score

3^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Process Discovery

T1057

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Drops startup file

Loads dropped DLL

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32