crealstealer | 2b9bd18500ea9ff7b8009b09fcd07f1acae0f4ca30c149c6df07be300a6a1ada | Triage

Sharing

General

Target

Amnésia Mod Menu FIVEM-GTAV.rar
Size

14.0MB
Sample

240309-derlxaca27
MD5

e868aa2d95541610149c4675e78dc720
SHA1

a3f61a5a53ca10e5f28b5bad7166a95b785f6ddc
SHA256

2b9bd18500ea9ff7b8009b09fcd07f1acae0f4ca30c149c6df07be300a6a1ada
SHA512

f9c1c658a77c078d4dd1c2720708e84af839f1e34706377c59e8baaa4a81c3693d868ee1751676722c7baba0de583e55e48d2f6ef1525e15f1729a4f7245cc1c
SSDEEP

393216:WGzrlJPj/04gK4p8BKkK4s8pvYsZoSDvcof1:dPArbeAOP9

Score

10^/10

crealstealer pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  Amnesia Mod Menu.exe
- Size
  
  14.2MB
- MD5
  
  9521094215c5767152c92d6c0598b1ad
- SHA1
  
  ae121d8ee401dcba23e5db8fd47d7c51e9dee740
- SHA256
  
  c95d8fd91927aa49039e4a30c78980ae0e7c6794de9f566d6abb2075f9cb5afe
- SHA512
  
  a108a7908d44c192b212485763136fd87d47e90b60b78b7f4228d8dc3eef45e63d588845a5ea334b4447aa07f279a1bdafd4ef6033ba168352fc1836ffce1b7b
- SSDEEP
  
  393216:OEkZgf8Mxq1+TtIiFGvvB5IjWqn6ekWz1QypX8Wjs+da:ORbqq1QtIZX3ILn6ek9yCes+da
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2
- Target
  
  amnesia.sys
- Size
  
  11KB
- MD5
  
  ece894602ee9353cce23dc4ece8a5445
- SHA1
  
  ba600000eb12f543516576035e4bb25dc5628b46
- SHA256
  
  93a516ebdd6bb1fe9dc5951b21fbacdff660997548bbb3df57dba92417caa33d
- SHA512
  
  0ad350f2d52e1b2c6f3b9a76cfcdb29307de22ea19ca71ab6cdea80350882eadb5ccf68d317360924fdd166ebd32eb2997167466c4407a2b5c45f4e6db7acc89
- SSDEEP
  
  192:QreOkMkNIcwT4ZdVynlkR2N6quhu58JLTWY4fuo5XDNboli:weuPnlkR2N6b3LTS0i
Score

1^/10
behavioral3
- Target
  
  jkshdy.dll.bat
- Size
  
  1KB
- MD5
  
  0e94b81e5a0e659e20c323ae9169b4e2
- SHA1
  
  f5073196909937218c7323fcdc68c160b2afdc56
- SHA256
  
  07e1d3a42ac1e36e7ce6faaee7ad3bd85cab10b7a8b3151a39fd1cdbc726db72
- SHA512
  
  14c96290e724d8b8aa6c46c9a4fbb6ad9e7e88653fefed7fb368aac91bce85e4d654e04d94575aaf8eca40dbe6b311647b9f3dbacd7279ba4d2a7c9acfcbb638
Score

3^/10
behavioral4 behavioral5

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

pyinstallercrealstealer

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5