crealstealer | 176f172959077b7ac0cdf8499dbbe4c322ba5a9a06326f4b9890703830f7353b | Triage

Resubmissions

11-03-2024 18:13

240311-wt84lscc85 10

11-03-2024 18:11

240311-wsr4psac4w 10

11-03-2024 18:07

240311-wqc7rsab61 10

11-03-2024 18:04

240311-wnzmzsab2z 10

11-03-2024 18:00

240311-wlhlpaca96 10

11-03-2024 17:08

240311-vnv45aha3s 10

Sharing

General

Target

UpdateCallRequestsV1.exe
Size

16.8MB
Sample

240311-wt84lscc85
MD5

71a3eba8726f006d0536b4a03d34654e
SHA1

52b5b6a6f51bfcf902eaeaf36f23cb288669c8d7
SHA256

176f172959077b7ac0cdf8499dbbe4c322ba5a9a06326f4b9890703830f7353b
SHA512

67c97473f691831d3240f5a6016b8dc5e8ffa3675607bef10fa75fad70623a1b8ff1814e658aedc952dee8ce4cc19b91479bcb3c00aeff17cf311f91caeee2d6
SSDEEP

393216:OVEkMDOnd0QjTGtDTMW+eGQRCMTozGxu8C0ibfz6eKk7xGb8X6Wkg0:yUDCGuG5YW+e5RLoztZ026eKk0bLg0

Score

10^/10

crealstealer pyinstaller

Malware Config

Targets

- Target
  
  UpdateCallRequestsV1.exe
- Size
  
  16.8MB
- MD5
  
  71a3eba8726f006d0536b4a03d34654e
- SHA1
  
  52b5b6a6f51bfcf902eaeaf36f23cb288669c8d7
- SHA256
  
  176f172959077b7ac0cdf8499dbbe4c322ba5a9a06326f4b9890703830f7353b
- SHA512
  
  67c97473f691831d3240f5a6016b8dc5e8ffa3675607bef10fa75fad70623a1b8ff1814e658aedc952dee8ce4cc19b91479bcb3c00aeff17cf311f91caeee2d6
- SSDEEP
  
  393216:OVEkMDOnd0QjTGtDTMW+eGQRCMTozGxu8C0ibfz6eKk7xGb8X6Wkg0:yUDCGuG5YW+e5RLoztZ026eKk0bLg0
Score

7^/10
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

pyinstallercrealstealer

behavioral1

behavioral2