crealstealer | f7a943ecd80633da1e52538b56dadb6e8ab6cbf7a7cd5005b58ce1a844cb02fb | Triage

Sharing

General

Target

TR4SH.exe
Size

21.2MB
Sample

240301-rdl7pagg89
MD5

c069d10ecdfd8a24d4718cc882a6ea3c
SHA1

11fed76430d553b1a91146b17922fd11b32c815f
SHA256

f7a943ecd80633da1e52538b56dadb6e8ab6cbf7a7cd5005b58ce1a844cb02fb
SHA512

6097a62ff864866d2050071cde2566540a78394ef1dae92197250f708cdb21d41e0a6f6203508401b9503d2a0e6911dfc721ec881e910d5fb64e730b728f1b0a
SSDEEP

393216:rzQtsfh5mKmr2pu0tTkQETS8vJQn+9PWkA75umhTdbgDqxMwsQkd:rzQtsfXmKmr2puIYQEW8hQ+ZWl9Jb0wS

Score

10^/10

crealstealer pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  TR4SH.exe
- Size
  
  21.2MB
- MD5
  
  c069d10ecdfd8a24d4718cc882a6ea3c
- SHA1
  
  11fed76430d553b1a91146b17922fd11b32c815f
- SHA256
  
  f7a943ecd80633da1e52538b56dadb6e8ab6cbf7a7cd5005b58ce1a844cb02fb
- SHA512
  
  6097a62ff864866d2050071cde2566540a78394ef1dae92197250f708cdb21d41e0a6f6203508401b9503d2a0e6911dfc721ec881e910d5fb64e730b728f1b0a
- SSDEEP
  
  393216:rzQtsfh5mKmr2pu0tTkQETS8vJQn+9PWkA75umhTdbgDqxMwsQkd:rzQtsfXmKmr2puIYQEW8hQ+ZWl9Jb0wS
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2
- Target
  
  TR4SH.pyc
- Size
  
  48KB
- MD5
  
  49c8bb4ec04b30871407200bee9a066f
- SHA1
  
  0952360f858a4444699588877cec8b6787c53554
- SHA256
  
  2d124e3dbc66a11d8553c65fc0aea733a5db6088aa5cd8c34a79c092b4e75343
- SHA512
  
  55f425f0ffa3262800b965443419155ed66bc29014105f1a74762f2887f036ca2a40836d2e6aaf337fbfd57f7e882f8471ca171d66ba15cf20896d7d503d81e8
- SSDEEP
  
  768:pAu+/nZtgH7+96XVYVxc8X+9xkIsmzw2QqCBpJS68CZxmtreQM3lU0XnW6z:SW+yVicjjTw2QqCjJJatK93BXnWW
Score

3^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

pyinstallercrealstealer

behavioral1

behavioral2

behavioral3

behavioral4