crealstealer | bf3973747453f2d6437ced09d04d29d2c917ebe3412d2532b5229e949ceef5bb | Triage

Submit
Reports

Overview

overview

Static

static

PizzaTower.exe

windows7-x64

7

PizzaTower.exe

windows10-2004-x64

7

Resubmissions

27-04-2024 15:54

240427-tb9lbadd3z 10

27-04-2024 15:50

240427-s9943acg29 10

Sharing

General

Target

PizzaTower.exe
Size

7.1MB
Sample

240427-tb9lbadd3z
MD5

d4c2e3ad524c2112712f0b762ab38bb9
SHA1

f48e48895154c1f8ee0b389eca15236b920efd1a
SHA256

bf3973747453f2d6437ced09d04d29d2c917ebe3412d2532b5229e949ceef5bb
SHA512

e76d79189bfe32dd4664645b5080063cc71734c6d5e7f54a75116efeff5b61c5ce4e69f72b969e70a77b17952656bed6913f96df07cc6730a4e79ae6df8641aa
SSDEEP

196608:QCT+aj1rpnrJehwiIbZg4TIdQNm5XKCt7ogJwDb2:QCT+aoqbCdQyftNJwDb2

Score

10^/10

crealstealer pyinstaller spyware stealer

Static task

static1

pyinstaller crealstealer

4 signatures

Behavioral task

behavioral1

Sample

PizzaTower.exe

Resource

win7-20240221-en

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

PizzaTower.exe

Resource

win10v2004-20240419-en

spyware stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  PizzaTower.exe
- Size
  
  7.1MB
- MD5
  
  d4c2e3ad524c2112712f0b762ab38bb9
- SHA1
  
  f48e48895154c1f8ee0b389eca15236b920efd1a
- SHA256
  
  bf3973747453f2d6437ced09d04d29d2c917ebe3412d2532b5229e949ceef5bb
- SHA512
  
  e76d79189bfe32dd4664645b5080063cc71734c6d5e7f54a75116efeff5b61c5ce4e69f72b969e70a77b17952656bed6913f96df07cc6730a4e79ae6df8641aa
- SSDEEP
  
  196608:QCT+aj1rpnrJehwiIbZg4TIdQNm5XKCt7ogJwDb2:QCT+aoqbCdQyftNJwDb2
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

pyinstallercrealstealer

behavioral1

behavioral2

© 2018-2024

Terms | Privacy