crealstealer | 289df940c28b79a4a7df36df211beb87fec948bd2e1096192564902e196a5499

Sharing

Copy URL

Twitter E-mail

General

Target

ExitLag.rar
Size

16.8MB
Sample

240227-n4wbhagb24
MD5

37dbdfb41aac4d3fe2dcfcfc34ac2dd3
SHA1

d24244fe5474361337c61a32270226088875e853
SHA256

289df940c28b79a4a7df36df211beb87fec948bd2e1096192564902e196a5499
SHA512

7bad858a505a15c0d17b85cb761ecb1debcfa9ecdced14ad7f476118207bf37b20a9ab53f47a1191260c9658be0ea8268c0cd17cc3d3d0411d3d405e0e716987
SSDEEP

393216:gQWPobf+mdWn/FHzP5KcyOKmTE/XrRdFLR1QWZ2jqIF9X2DU:4Poz+mEn/5zILm2ra2I72DU

Score

10^/10

Malware Config

Targets

- Target
  
  ExitLag.rar
- Size
  
  16.8MB
- MD5
  
  37dbdfb41aac4d3fe2dcfcfc34ac2dd3
- SHA1
  
  d24244fe5474361337c61a32270226088875e853
- SHA256
  
  289df940c28b79a4a7df36df211beb87fec948bd2e1096192564902e196a5499
- SHA512
  
  7bad858a505a15c0d17b85cb761ecb1debcfa9ecdced14ad7f476118207bf37b20a9ab53f47a1191260c9658be0ea8268c0cd17cc3d3d0411d3d405e0e716987
- SSDEEP
  
  393216:gQWPobf+mdWn/FHzP5KcyOKmTE/XrRdFLR1QWZ2jqIF9X2DU:4Poz+mEn/5zILm2ra2I72DU
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  ExitLag-Crack-2024.rar
- Size
  
  16.8MB
- MD5
  
  e9c1d40c943c9d02036b2a960021fe1c
- SHA1
  
  78fa2e32dc1110725077c8cfeafd934697d2d77b
- SHA256
  
  e3484f00f0ab4e16a6dbddcb90e32dfb22986edcc98685a25c04d062143ab82e
- SHA512
  
  9d3eb571799ebc1798ccd2f9f7c09824b7e4143a192becf247b30f10e2c4ad2934da06997be11b02842ff9384bc7e191675684402beddb9978d0336c438b4b75
- SSDEEP
  
  393216:KOnumrxH7hjew1YxkQAl9SGlY/niqRS7q8rot+QFN2XanQhv:K2vrx7hjVYxxO9SGlY/itLoUo2Xauv
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  ExitLag-Crack-2024/ExitLag-Main/.metadata
- Size
  
  305B
- MD5
  
  e6784095dc1a554cacf0bb934434b3a6
- SHA1
  
  4c4c7363d9cf6d84a41909cce9d3743762e5945d
- SHA256
  
  5143a6fb213dd024294edc05ac1782c19be8dddab0c57d63ba7e5b5f8e5b69cd
- SHA512
  
  9ed40291778a162a6e102c44569adc5588024ca82446bbe717cc5b2db004f2da0a78f10cecfd3bcccf1346dffc38b5d422f3c2bea0c2895221c5cb2b0d96047e
Score

3^/10
behavioral5 behavioral6
- Target
  
  ExitLag-Crack-2024/ExitLag-Main/ExitLag.exe
- Size
  
  17.3MB
- MD5
  
  e899953337c3f9a3dd46b64b6b0c6fd5
- SHA1
  
  23d3ef9a34411c0823059c2b8c1895f730db657b
- SHA256
  
  37fe6ee0b920eb7251b83bd278b49610c37ee11695f3ac83e4df211e11729d36
- SHA512
  
  376a0443d6dbce0cbad02f8acc97d8c9c1dda88994e89b5537ef42cb88f98dbd2826b3a05e727f46cd95105caca155e80a034879bd4b93a02814c1539c0af5a9
- SSDEEP
  
  393216:gx8/m3pWBJHDspUTLfhJtDfDgrc6XhTcl5dpfe:gmK0YUTLJvb0IQxclPpfe
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral7 behavioral8
- Target
  
  Creal.pyc
- Size
  
  32KB
- MD5
  
  9fde4339f5d098fa2aeb2a5bb4fd43c0
- SHA1
  
  371247fdf3b7325c9f3b28cd892eff1d1d5ecc22
- SHA256
  
  a91698a31e04a3fcc3ae58a70495ba00108c92a582ca85d93a93f92f0376750f
- SHA512
  
  e39ecd8bd5994aae703ca8b8941bfb7ac7fd4f107dc311dbffc507905e2b94c3a182f7f6b6fb8b6b29ce0fba81d3fbc1c5e5d2b502ab617f2e9cd916c759e7ce
- SSDEEP
  
  768:L8jnr/2VsfNEiyAuAfKFMrRtfqtvEwS7bnjerAroaHDsIAvN8YC06X:IDrDe3aKFcfDwS7fOPviYD6X
Score

3^/10
behavioral10 behavioral9
- Target
  
  ExitLag-Crack-2024/ExitLag-Main/TUTORIAL.txt
- Size
  
  1KB
- MD5
  
  17a947fa569e26d9a622d2a49a2d8c84
- SHA1
  
  37abb6cb48064639a456690969cb884c47344158
- SHA256
  
  62bc7ce59d2c88151e0216cf9b91becb7f7e2ac4833d3fc9588a8f6d8c8cc93d
- SHA512
  
  027e6435ae13dfdca6aa0e5f8ff95237628c877d6d8ee6fdcb22cde16b5dc4f574de1ca76b24f7e96d54e5d18e9d339b3f035ab000e5e399eec5567f2b13831b
Score

1^/10
behavioral11 behavioral12
- Target
  
  ExitLag-Crack-2024/ExitLag-Main/lib/emailBilgileri.dart
- Size
  
  76B
- MD5
  
  20c84579584fcd8ed7ad34ffb89c22a5
- SHA1
  
  a9371450bdfbd187ef940b4b23c39d2dfdf3612c
- SHA256
  
  6d7787a7844a75131970860d231f836dcd9e9332bb960492614091ea511cd04a
- SHA512
  
  1c25b3a0f9aed875068b0d4e76aa6b471498aaafcc5d03bd22f4ebf4f622dcbd26fa404f7ed97f3f383e68e91620587395dc8c174e592b8a898c7d517146da82
Score

3^/10
behavioral13 behavioral14
- Target
  
  ExitLag-Crack-2024/ExitLag-Main/lib/firstPege.dart
- Size
  
  9KB
- MD5
  
  02f88d89881c384999a7c74bea9d76eb
- SHA1
  
  45bc2c53e9e21982e0b4008819b9157dca97c247
- SHA256
  
  7c6fcfb4644926dc1cc206b14916d639913fa7ca14b16c2e5bf25931922db051
- SHA512
  
  7024cc63aa37dea9893c446f1943c665aa7b582c97dc7e945f070286ebd69d7677ef9d8decd7bde7e6b04292ac00eaf119700b6cd3a91622a3c86a5fa94d4b16
- SSDEEP
  
  192:wxwNdhOhQAotI/AILqtfA9B/AoPLbtfAo/AHLUw5J0G0Q:ewNdEXotIo9tI7ootIooV5J0W
Score

1^/10
behavioral15 behavioral16
- Target
  
  ExitLag-Crack-2024/ExitLag-Main/lib/login.dart
- Size
  
  5KB
- MD5
  
  e5ddd907e0aacdd154ff6b297dd66799
- SHA1
  
  8e7ce65579875fb367895a7534d550df9f104cd0
- SHA256
  
  bdb1eee36ab0eede0e9bbba1255da46d5a4ea9fd04a6a2a510c6d1017c42d5d7
- SHA512
  
  9eb56d23a1c4013c6fe8bd938d90b2aed21424f85afcc1fd67a2533536294debfc85a3f7c408e31c0abc16730ccffb82b6a0874d86cad241ef171c74e95b75f2
- SSDEEP
  
  96:2eFuImd8LQwOv4KJhMxP8DUj4f4zB4X40MOwwLVu:2eFAdmQwR+UxpHwLVu
Score

3^/10
behavioral17 behavioral18
- Target
  
  ExitLag-Crack-2024/ExitLag-Main/lib/main.dart
- Size
  
  388B
- MD5
  
  4157e54d00fbda4633e1126b6076a1ec
- SHA1
  
  d6a1cc3d2e27328a0f240a73d2ee906a68e9eedd
- SHA256
  
  9fe2b16628aa5a49a37fc7aab3d97b834da9166d09b839bd392047d4ebc78368
- SHA512
  
  a23942ae474fb7dd0020b04940eab8bec796a13cbfc7e955777c3224a50c13bba20d3e13fecf49d4bdce93cbeab1b016f99bc787f5e6b118f3b65fd410839e0d
Score

3^/10
behavioral19 behavioral20
- Target
  
  ExitLag-Crack-2024/ExitLag-Main/lib/passwordForget.dart
- Size
  
  8KB
- MD5
  
  80a58471a9c5424de1c069d21d63a814
- SHA1
  
  2090012ec25070fe8b610e466043e37129037732
- SHA256
  
  716504062d9507d3a2cf6f23323e44b8f042b96a9edaa9771af98a21220c0b4a
- SHA512
  
  637faffbc1d77d7eeafbf8df4232a9431ec2ad873e6c864ccb5710b96bb78f3f1f06e00f8a5fcfe5af3376749ff24c2f499c287529f9ec5ac7f9b9dcaeaeea38
- SSDEEP
  
  96:3ex+0cLLIwu3s4ShZXM5YGzh4/444/4CMehhVeWbAyMpRXFoz9Aq:3JIwQXyCAMYWbADTVohAq
Score

1^/10
behavioral21 behavioral22
- Target
  
  ExitLag-Crack-2024/ExitLag-Main/pingset.metadata
- Size
  
  305B
- MD5
  
  e6784095dc1a554cacf0bb934434b3a6
- SHA1
  
  4c4c7363d9cf6d84a41909cce9d3743762e5945d
- SHA256
  
  5143a6fb213dd024294edc05ac1782c19be8dddab0c57d63ba7e5b5f8e5b69cd
- SHA512
  
  9ed40291778a162a6e102c44569adc5588024ca82446bbe717cc5b2db004f2da0a78f10cecfd3bcccf1346dffc38b5d422f3c2bea0c2895221c5cb2b0d96047e
Score

3^/10
behavioral23 behavioral24
- Target
  
  ExitLag-Crack-2024/ExitLag-Main/setconnection.metadata
- Size
  
  871B
- MD5
  
  739c02f536fc6506341922abcc20d208
- SHA1
  
  773e4ec44dc8a3c62952c490516200131969338c
- SHA256
  
  6bb72a6b42c16886d9ff82f125beac4635e51e630bb974e5b2118cfbd0eb9176
- SHA512
  
  5ae575369d02b0a8ffaeafd1beeb9a92d47991260fdbd4fdeec28c9b9c3bf7df1e96bf00221fb0ac961ab81d72f704f0f70d12a7697bf057b0ee825f6eab40ba
Score

3^/10
behavioral25 behavioral26
- Target
  
  ExitLag-Crack-2024/ExitLag-Main/setup.bat
- Size
  
  33B
- MD5
  
  cecdbcd742db673b3e6baefb127401df
- SHA1
  
  82ac4014b27094f5376b89f1ade998e5e8e297c0
- SHA256
  
  680553b459d0e730ab9260109dfab454d34dbfcf1223cc70d6d1eefd1e578c8e
- SHA512
  
  1d06a49c616b99cc7c7e19098a76cf07f8ec62cc7085d8dc6d4976e7c17e44e27d5df4c2c8421bc4242b6f46fba63b339b097fb5018a566bfe34b23070a24b2d
Score

7^/10

spyware
- Drops startup file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral27 behavioral28

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Checks computer location settings

Drops startup file

Loads dropped DLL

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Drops startup file

Loads dropped DLL

Accesses cryptocurrency files/wallets, possible credential harvesting

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28