crealstealer | a69d061a91d9c159b957e89ee547c285e803030e40d9ab8f9a0d8ec88bf95559 | Triage

Sharing

General

Target

snaphack.exe
Size

13.8MB
Sample

240227-hqcpcabd7z
MD5

06f5caf0ddf8b1e3033d83d358d97631
SHA1

9f867ea09185e9159cb91cd9aac8af7c2e525fd8
SHA256

a69d061a91d9c159b957e89ee547c285e803030e40d9ab8f9a0d8ec88bf95559
SHA512

74a4ba7f1a2475c4be1e6d3f2f3bf537f15a995485b1260f3d65eb8b0ca9c4b86d8fcdaad15dc8bb2dc250bdd4599387a727089a422bd11e6c6034acf01c16cd
SSDEEP

393216:riIE7Yo5D2nwW+eGQRIMTozGxu8C0ibfz6e57F1bmXdWCNx+:Y7r5DawW+e5R5oztZ026e5XkVN4

Score

10^/10

crealstealer pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  snaphack.exe
- Size
  
  13.8MB
- MD5
  
  06f5caf0ddf8b1e3033d83d358d97631
- SHA1
  
  9f867ea09185e9159cb91cd9aac8af7c2e525fd8
- SHA256
  
  a69d061a91d9c159b957e89ee547c285e803030e40d9ab8f9a0d8ec88bf95559
- SHA512
  
  74a4ba7f1a2475c4be1e6d3f2f3bf537f15a995485b1260f3d65eb8b0ca9c4b86d8fcdaad15dc8bb2dc250bdd4599387a727089a422bd11e6c6034acf01c16cd
- SSDEEP
  
  393216:riIE7Yo5D2nwW+eGQRIMTozGxu8C0ibfz6e57F1bmXdWCNx+:Y7r5DawW+e5R5oztZ026e5XkVN4
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

pyinstallercrealstealer

behavioral1

behavioral2

behavioral3