crealstealer | 7d8f73ced906313777bdf50b173ab35b6281cf4c79ad48a4bd4e71c908e7a54a | Triage

Submit
Reports

Overview

overview

Static

static

StormLab_setup.rar

windows10-2004-x64

7

Sharing

General

Target

StormLab_setup.rar
Size

16.6MB
Sample

240317-nz3vsaec21
MD5

ce18b3945b25bbf690fe99a90f2aa1ad
SHA1

321ccba1d4b9179ad03dd31bb3e48c056caa50a8
SHA256

7d8f73ced906313777bdf50b173ab35b6281cf4c79ad48a4bd4e71c908e7a54a
SHA512

60609c850c17041c1e0dc640382115f1c5c9a3a4e02920534fa4e88ac5791ba87f030f97d149aa18a3ba6ae1ab1b2c296fb7a484000c448cebc9dc815e720a5d
SSDEEP

393216:0wZlBgSuHSA7Jd0rssYDVXcmUzXoE0+ydwN4ir/t8SP2esTVn2l9y+UO6:nTBgSuP7JEsHVX3UToEjydwN40/t8SP4

Score

10^/10

crealstealer pyinstaller spyware stealer

Static task

static1

pyinstaller crealstealer

4 signatures

Behavioral task

behavioral1

Sample

StormLab_setup.rar

Resource

win10v2004-20231215-es

pyinstaller spyware stealer

windows10-2004-x64

17 signatures

300 seconds

Malware Config

Targets

- Target
  
  StormLab_setup.rar
- Size
  
  16.6MB
- MD5
  
  ce18b3945b25bbf690fe99a90f2aa1ad
- SHA1
  
  321ccba1d4b9179ad03dd31bb3e48c056caa50a8
- SHA256
  
  7d8f73ced906313777bdf50b173ab35b6281cf4c79ad48a4bd4e71c908e7a54a
- SHA512
  
  60609c850c17041c1e0dc640382115f1c5c9a3a4e02920534fa4e88ac5791ba87f030f97d149aa18a3ba6ae1ab1b2c296fb7a484000c448cebc9dc815e720a5d
- SSDEEP
  
  393216:0wZlBgSuHSA7Jd0rssYDVXcmUzXoE0+ydwN4ir/t8SP2esTVn2l9y+UO6:nTBgSuP7JEsHVX3UToEjydwN40/t8SP4
Score

7^/10

pyinstaller spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

pyinstallercrealstealer

behavioral1

pyinstallerspywarestealer

© 2018-2024

Terms | Privacy