0161aaed3bbae62d78367cb6bf5b4a2e73df7da1e4fd92bd6e6751672fc694cb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0d6596bf24fc804d80c592606d3a98b6.bin
Size

20.8MB
Sample

240312-blsrfabf71
MD5

0d6596bf24fc804d80c592606d3a98b6
SHA1

16c5f893a43a2449830a1d6e1fc734ff43828cc6
SHA256

0161aaed3bbae62d78367cb6bf5b4a2e73df7da1e4fd92bd6e6751672fc694cb
SHA512

fcb48e3041f30feace78bc0133e17d41e850c939956c796eca50040f31f044244ec2a065ef238b6f5cb10c5ece140204c21398cd6fb8763bad15a29e56c16c23
SSDEEP

393216:4TfYZMzUNGMrzAkCOdvftPm6q7yiS2O88GS7WoS5pTj4fsM:ufVzUNGrMxFmpZS3jioGTjEr

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  creal.exe
- Size
  
  21.1MB
- MD5
  
  b2959e5fcf4879d086828926eafaeda1
- SHA1
  
  0e7d7c55ade0305fa75b4e1638074e9e5e5da902
- SHA256
  
  93c82bee64a11e5b7482d8fabc0b9a1caeebb2eb30851c66d9f48ad3474c8124
- SHA512
  
  69a32e0819e93d534724edbe6323285447eb71a32b23a2298c7b41d466d22a3dc7f77c3a6724cd3cd2e45eb0d8f549fa3baba40fb8548763c1340e55964bf3ca
- SSDEEP
  
  393216:7EkZQtsZP8AxYDX1+TtIiFA/Ikco5r6oIOK95qYv7:7hQtsiX71QtIP/IM5eoty5qE
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2