Analysis
-
max time kernel
121s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
25-02-2024 05:04
General
-
Target
6e0f22d3c54d7680dd7d1a284f546d509a25d4a0e00d534733d23649c1904122.exe
-
Size
13.1MB
-
MD5
ffad668e3893f27d0011b0acbc580477
-
SHA1
23ec45c30d56f48fd70ce794c4ffe8df53d0fc93
-
SHA256
6e0f22d3c54d7680dd7d1a284f546d509a25d4a0e00d534733d23649c1904122
-
SHA512
1930ca8726f0fa9435f84f484dc99d3925308d065a498270fa427241134bbf99d0bba3e58baea71a982a3c585014f4957acaa97a0aea343157cb14ca3a3080ab
-
SSDEEP
393216:SO+TZ1nFOl+bzkCu1tsTmtCyJnQYSvWXr/:SlZ1nS8Du126tCmb
Malware Config
Signatures
-
An infostealer written in Python and packaged with PyInstaller. 1 IoCs
-
crealstealer
An infostealer written in Python and packaged with PyInstaller.
-
Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs. 1 IoCs
-
Detects executables Discord URL observed in first stage droppers 1 IoCs
-
Detects executables containing SQL queries to confidential data stores. Observed in infostealers 1 IoCs
-
Detects executables containing URLs to raw contents of a Github gist 1 IoCs
-
Detects executables packed with VMProtect. 3 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 2 IoCs
-
VMProtect packed file 3 IoCs
Detects executables packed with VMProtect commercial packer.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\6e0f22d3c54d7680dd7d1a284f546d509a25d4a0e00d534733d23649c1904122.exe"C:\Users\Admin\AppData\Local\Temp\6e0f22d3c54d7680dd7d1a284f546d509a25d4a0e00d534733d23649c1904122.exe"1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\onefile_1988_133533110646538000\test.exe"C:\Users\Admin\AppData\Local\Temp\6e0f22d3c54d7680dd7d1a284f546d509a25d4a0e00d534733d23649c1904122.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4.3MB
MD52135da9f78a8ef80850fa582df2c7239
SHA1aac6ad3054de6566851cae75215bdeda607821c4
SHA256324963a39b8fd045ff634bb3271508dab5098b4d99e85e7648d0b47c32dc85c3
SHA512423b03990d6aa9375ce10e6b62ffdb7e1e2f20a62d248aac822eb9d973ae2bf35deddd2550a4a0e17c51ad9f1e4f86443ca8f94050e0986daa345d30181a2369
-
Filesize
8.7MB
MD541d138bbf8c88b768893f1e3780ce8ce
SHA1f40316b43a5ae05a57912dcc3e2b85f8c13dd49f
SHA2565792e9ff47f6406510f874b8057db827b82e07f7e5b7857454530c0e9170c13f
SHA5123105670955b9d3ed56c0411ac3d8cb343a187b33def36915e3aa9ecf0e15603c5246541acfe275a458c7f682d28c6f399b582342d120e8e0ff76e75ed8d0d1c6
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
24.5MB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
1.7MB
-
Filesize
24.5MB
-
Filesize
24.5MB
-
Filesize
8KB
-
Filesize
1.7MB
-
Filesize
8KB