crealstealer | 94c0a9f4adcb87a5705f7ad0776b27ee6471131f21fadad162de21590669f649 | Triage

Submit
Reports

Overview

overview

Static

static

soan_2_2.zip

windows10-1703-x64

7

Sharing

General

Target

soan_2_2.zip
Size

17.7MB
Sample

240227-1kxrfacc45
MD5

8e93520d569a6e2afed2da31224c7568
SHA1

8b45cf1d65ffa2bf061222e2e35d0a3fb4739b87
SHA256

94c0a9f4adcb87a5705f7ad0776b27ee6471131f21fadad162de21590669f649
SHA512

a5e250e2ce0f121de7f5a89ced3a2fd0ddd69d47346c6020351bf9ee13d9522b81e86d08704392ea061fec879d92a785233218365b9db5a97f03a3daa67dccad
SSDEEP

393216:+oecXb9QxDfm4ZXDqgQG/yMWIsbfq4702k6sncVsLGBAYOD6C:+oe0b9QxDfBdDqgFyrIeP70t6snPbDDZ

Score

10^/10

crealstealer pyinstaller spyware stealer

Static task

static1

pyinstaller crealstealer

4 signatures

Behavioral task

behavioral1

Sample

soan_2_2.zip

Resource

win10-20240221-en

pyinstaller spyware stealer

windows10-1703-x64

17 signatures

1800 seconds

Malware Config

Targets

- Target
  
  soan_2_2.zip
- Size
  
  17.7MB
- MD5
  
  8e93520d569a6e2afed2da31224c7568
- SHA1
  
  8b45cf1d65ffa2bf061222e2e35d0a3fb4739b87
- SHA256
  
  94c0a9f4adcb87a5705f7ad0776b27ee6471131f21fadad162de21590669f649
- SHA512
  
  a5e250e2ce0f121de7f5a89ced3a2fd0ddd69d47346c6020351bf9ee13d9522b81e86d08704392ea061fec879d92a785233218365b9db5a97f03a3daa67dccad
- SSDEEP
  
  393216:+oecXb9QxDfm4ZXDqgQG/yMWIsbfq4702k6sncVsLGBAYOD6C:+oe0b9QxDfBdDqgFyrIeP70t6snPbDDZ
Score

7^/10

pyinstaller spyware stealer
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

pyinstallercrealstealer

behavioral1

pyinstallerspywarestealer

© 2018-2025

Terms | Privacy