General

  • Target

    240229-r6rmwacc2v_pw_infected.zip

  • Size

    14.2MB

  • MD5

    fa8fd1113bfe9d429d3371ea60f2c417

  • SHA1

    a964457813121197282b518efb71fbbbda42bb87

  • SHA256

    ad15e741394db88ef7fb88c4b1fce1e83e26bb7150b8c463e4657d510dccc58c

  • SHA512

    cf427bdbf89915605418bc68f6f2f85a515bc8d47a426b33c17911d4c166ac777e927d3bbb1f984578aaf30faae39062fb1c1f4c93e43214a6500509b0a4a686

  • SSDEEP

    196608:gTM2FvNknvPbBSWr06+uPOd++sd6laHhEuyf2vh+YtnGKoDe3V2GFSOYdn+TCAOT:gTM2xGr5+u2dZE9H6DWhHS04GSOYICn

Signatures

  • An infostealer written in Python and packaged with PyInstaller. 1 IoCs
  • Crealstealer family
  • Detects Pyinstaller 1 IoCs
  • Unsigned PE 2 IoCs

    Checks for missing Authenticode signature.

Files

  • 240229-r6rmwacc2v_pw_infected.zip
    .zip

    Password: infected

  • chromewebhelper.zip
    .zip

    Password: infected

  • chromewebhelper.exe
    .exe windows:6 windows x64 arch:x64

    Password: infected

    MD5: 3ec66149a72734c16cd83df816c0b2b0

  • tool.exe
    .exe windows:5 windows x64 arch:x64

    Password: infected

    MD5: 1af6c885af093afc55142c2f1761dbe8

  • creal.pyc