crealstealer | 2fb79ccffc743846213eb5c45e4c0eb6a79439769d5d53ae57459742440c8693 | Triage

Submit
Reports

Overview

overview

Static

static

StormLab_s....8.exe

windows10-1703-x64

7

Sharing

General

Target

StormLab_setup_5.2.8.exe
Size

17.2MB
Sample

240401-dhrfbacc44
MD5

c84ba7acd74c4fd0db833bb6e4d58a89
SHA1

ed81f8fb2a97688a7edbb062da0a3919dc6cc947
SHA256

2fb79ccffc743846213eb5c45e4c0eb6a79439769d5d53ae57459742440c8693
SHA512

07e20cb781725e0651154e322f27353fd1e44f1adc007cc4e0307fb32e45c7a88089d73547ee23b6a40e2a7b21298cc8701dca47b5147303067d6fbf5f72f0d0
SSDEEP

393216:WiIE7YoPQMRHi+2ohcyLbdQuslSl99oWOv+9f+wC4O2jTX6w:X7rPQKHiRyc0bdQu9DorvS2wC4RTr

Score

10^/10

crealstealer pyinstaller spyware stealer

Static task

static1

pyinstaller crealstealer

4 signatures

Behavioral task

behavioral1

Sample

StormLab_setup_5.2.8.exe

Resource

win10-20240221-en

spyware stealer

windows10-1703-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  StormLab_setup_5.2.8.exe
- Size
  
  17.2MB
- MD5
  
  c84ba7acd74c4fd0db833bb6e4d58a89
- SHA1
  
  ed81f8fb2a97688a7edbb062da0a3919dc6cc947
- SHA256
  
  2fb79ccffc743846213eb5c45e4c0eb6a79439769d5d53ae57459742440c8693
- SHA512
  
  07e20cb781725e0651154e322f27353fd1e44f1adc007cc4e0307fb32e45c7a88089d73547ee23b6a40e2a7b21298cc8701dca47b5147303067d6fbf5f72f0d0
- SSDEEP
  
  393216:WiIE7YoPQMRHi+2ohcyLbdQuslSl99oWOv+9f+wC4O2jTX6w:X7rPQKHiRyc0bdQu9DorvS2wC4RTr
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

pyinstallercrealstealer

behavioral1

© 2018-2024

Terms | Privacy