crealstealer | d7407d5dd0dca80aa9798ff6aaa10635474feab533b7e6db87d759abf69f1ee8 | Triage

Submit
Reports

Overview

overview

Static

static

NSFWGEN.exe

windows10-2004-x64

7

Sharing

General

Target

NSFWGEN.exe
Size

13.8MB
Sample

240223-ggwkescg33
MD5

638d136547ece9e4f282d62aa6562a07
SHA1

19ba1d25332fac7c3fe7bf0eae2ad3520fded5db
SHA256

d7407d5dd0dca80aa9798ff6aaa10635474feab533b7e6db87d759abf69f1ee8
SHA512

e1c2f4a6ffff124c5a7cece7a48be026f1098708376f3e03d46f2e8a0f35e05d223da05b78ef3417422d62ce9feaa137241b0f879b731f63b2c1cbaafebc3323
SSDEEP

393216:hiIE7Yo5D2nwW+eGQRIMTozGxu8C0ibfz6e57F1bmXdWCNx+:O7r5DawW+e5R5oztZ026e5XkVN4

Score

10^/10

crealstealer pyinstaller spyware stealer

Static task

static1

pyinstaller crealstealer

4 signatures

Behavioral task

behavioral1

Sample

NSFWGEN.exe

Resource

win10v2004-20240221-en

spyware stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  NSFWGEN.exe
- Size
  
  13.8MB
- MD5
  
  638d136547ece9e4f282d62aa6562a07
- SHA1
  
  19ba1d25332fac7c3fe7bf0eae2ad3520fded5db
- SHA256
  
  d7407d5dd0dca80aa9798ff6aaa10635474feab533b7e6db87d759abf69f1ee8
- SHA512
  
  e1c2f4a6ffff124c5a7cece7a48be026f1098708376f3e03d46f2e8a0f35e05d223da05b78ef3417422d62ce9feaa137241b0f879b731f63b2c1cbaafebc3323
- SSDEEP
  
  393216:hiIE7Yo5D2nwW+eGQRIMTozGxu8C0ibfz6e57F1bmXdWCNx+:O7r5DawW+e5R5oztZ026e5XkVN4
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

pyinstallercrealstealer

behavioral1

© 2018-2025

Terms | Privacy