crealstealer | 3035c47e04d09da3dd80e050067265d2e848cc5682b8a90b2f0c166a0835c9e9 | Triage

Submit
Reports

Overview

overview

Static

static

SiVenuza/SiVenuza.exe

windows7-x64

SiVenuza/SiVenuza.exe

windows10-2004-x64

7

Sharing

General

Target

SiVenuza Executor.rar
Size

14.2MB
Sample

240224-ep2ejahf2w
MD5

90345f71a3520010b1a752df6c1dd0de
SHA1

2fe4330ef2830e639c4e4ef5e791e8edc975b179
SHA256

3035c47e04d09da3dd80e050067265d2e848cc5682b8a90b2f0c166a0835c9e9
SHA512

7d3e05da1aae5c49a5fe8ce0606deebfb5831343b19279cbae21df330768dff1452561287d0584d40658eb477bc2ec97cd999d7b120c38ff3a1ef168de83bc23
SSDEEP

393216:sE8mykzBYFD8Z2Qp0ZERkRKq2AMobcVwmvS0wbTLl9kA1WFmBV1Ax:sXBkz6d8g5ha3ooVwmFwbTLkNBx

Score

10^/10

crealstealer pyinstaller spyware stealer

Static task

static1

pyinstaller crealstealer

4 signatures

Behavioral task

behavioral1

Sample

SiVenuza/SiVenuza.exe

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

SiVenuza/SiVenuza.exe

Resource

win10v2004-20240221-en

spyware stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  SiVenuza/SiVenuza.exe
- Size
  
  14.4MB
- MD5
  
  d0057a37df09b6c75dc88dd3f3ffdd6e
- SHA1
  
  a4d10c99c009068982a10d866821909e6bf4051e
- SHA256
  
  2c3e404f0415aedb33ba56df661d8870ec9638718cd27e0e91c2f33539e57601
- SHA512
  
  ce2fed6b0c32338b2d5976bbf367c004fb60711f80e32010975279f28a4b66e7b7096e6f6b8d2797faab47bbad2246060194a71c62325bc2c430578176a6c026
- SSDEEP
  
  393216:Su7L/sQQndQuslSq99oWOv+9fg1XsF4Wr:SCL0QQndQuSDorvSY1ON
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

pyinstallercrealstealer

behavioral1

behavioral2

© 2018-2025

Terms | Privacy