crealstealer | c0308e2ea71ff40ce878556504ed644435ec61502bd5d01941ed632ccec029f9 | Triage

Submit
Reports

Overview

overview

Static

static

Exm_Premiu...V2.exe

windows7-x64

7

Exm_Premiu...V2.exe

windows10-2004-x64

7

Sharing

General

Target

Exm_Premium_Tweaking_Utility_V2.exe
Size

16.0MB
Sample

240422-t1gltsde91
MD5

81da6189145c24816d35bf038845e753
SHA1

741dc8f77ff22f23450ab362054889828dfdbf3a
SHA256

c0308e2ea71ff40ce878556504ed644435ec61502bd5d01941ed632ccec029f9
SHA512

1dce39462761bff379360e3a80938bba27c7c429481fa476f54623f836f284f03dd692a4f846116ec27f4aaa5776698fb757affbd3d28e0befee3f6be1f8bf11
SSDEEP

393216:bEkZgf8iSNPG7NmiZoW1+TtIiFGuvB5IjWqn6eCz1kypRXiWCoaa:bRbioKEAl1QtIZS3ILn6ehyaVoaa

Score

10^/10

crealstealer pyinstaller spyware stealer

Static task

static1

pyinstaller crealstealer

4 signatures

Behavioral task

behavioral1

Sample

Exm_Premium_Tweaking_Utility_V2.exe

Resource

win7-20240221-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

Exm_Premium_Tweaking_Utility_V2.exe

Resource

win10v2004-20240226-en

spyware stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  Exm_Premium_Tweaking_Utility_V2.exe
- Size
  
  16.0MB
- MD5
  
  81da6189145c24816d35bf038845e753
- SHA1
  
  741dc8f77ff22f23450ab362054889828dfdbf3a
- SHA256
  
  c0308e2ea71ff40ce878556504ed644435ec61502bd5d01941ed632ccec029f9
- SHA512
  
  1dce39462761bff379360e3a80938bba27c7c429481fa476f54623f836f284f03dd692a4f846116ec27f4aaa5776698fb757affbd3d28e0befee3f6be1f8bf11
- SSDEEP
  
  393216:bEkZgf8iSNPG7NmiZoW1+TtIiFGuvB5IjWqn6eCz1kypRXiWCoaa:bRbioKEAl1QtIZS3ILn6ehyaVoaa
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

pyinstallercrealstealer

behavioral1

behavioral2

© 2018-2024

Terms | Privacy