crealstealer | 6834e4f3defe1566f5c9fe9b25e8ae29144fcdf16115e14204e29d6ff4efe111 | Triage

Sharing

General

Target

FortniteCracker.zip
Size

14.5MB
Sample

240501-xyew1aeb7z
MD5

2ef3a170a6ea1af02de2a4058a39e169
SHA1

1ff2ae2aa8d61fe1c1396dc3ef1a30cf2b5ccbb2
SHA256

6834e4f3defe1566f5c9fe9b25e8ae29144fcdf16115e14204e29d6ff4efe111
SHA512

0ce07ce55ee70e2de8f200fb6ccfb1502b5c47afcc8dc2add2546c01b88e4e926030348b0571225c569773e1a76ea154f9cfa6908d5c6b1677bf4cab6fe01cf5
SSDEEP

393216:fR2ZWVhMDn1Owyi7OCg0YrCjjWwVv2csMcX:wZ8hMT1Ow9yCg5rGWwVDsnX

Score

10^/10

crealstealer pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  FortniteCracker/Extreme.Net.dll
- Size
  
  121KB
- MD5
  
  f79f0e3a0361cac000e2d3553753cd68
- SHA1
  
  4314bcef76fddc9379a8f3a266b37d685d0adb79
- SHA256
  
  8a6518ab7419fbec3ac9875baa3afb410ad1398c7aa622a09cd9084ec6cadfcd
- SHA512
  
  c77516e7f5540ecd13fa5d8cecfce34629acecd9b5a445f5f48902c9e823328fa9a6694ecaa39f5b6053de61c2b850c2d87df25357548afaad6ec37eb3e5e355
- SSDEEP
  
  3072:bdoECIgjBibgp2tBqL0Y++ruXqMG4ih3lbpMqc:bdoECIgUrG
Score

1^/10
behavioral1 behavioral2
- Target
  
  FortniteCracker/FortniteCracker.exe
- Size
  
  14.3MB
- MD5
  
  41ca32a6b1ea0ebf1be53c85632d4af1
- SHA1
  
  99bf3882e3ad022ba3cdc43ac033382d941c4eaa
- SHA256
  
  f98fb5b78dde808aac86a43a6ce0889f10f8ea6e92657d9774d540ef50f7863c
- SHA512
  
  e6e945351bb02c720b5c4e1087382023e09f742cae74879a17ed043cfd71fd41bab9b65069c3d39e21b94fc8a86a941e69c96ecd8242a62971d9b9f31b445a76
- SSDEEP
  
  393216:QiIE7YoPQMidQuslSq99oWOv+9fg4TFprTACw:R7rPQ3dQuSDorvSY4TF1AD
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral3 behavioral4
- Target
  
  FortniteCracker/Newtonsoft.Json.dll
- Size
  
  685KB
- MD5
  
  081d9558bbb7adce142da153b2d5577a
- SHA1
  
  7d0ad03fbda1c24f883116b940717e596073ae96
- SHA256
  
  b624949df8b0e3a6153fdfb730a7c6f4990b6592ee0d922e1788433d276610f3
- SHA512
  
  2fdf035661f349206f58ea1feed8805b7f9517a21f9c113e7301c69de160f184c774350a12a710046e3ff6baa37345d319b6f47fd24fbba4e042d54014bee511
- SSDEEP
  
  12288:U9BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc3Q5:U8m657w6ZBLmkitKqBCjC0PDgM5A5
Score

1^/10
behavioral5 behavioral6
- Target
  
  FortniteCracker/Ookii.Dialogs.Wpf.dll
- Size
  
  103KB
- MD5
  
  932ebb3f9e7113071c6a17818342b7cc
- SHA1
  
  9ce2d08bc3840632092325abcc8d842eeb8189d4
- SHA256
  
  285aa8225732ddbcf211b1158bd6cff8bf3acbeeab69617f4be85862b7105ab5
- SHA512
  
  6b6086cff7b916c0c4536e3c7cba4ba17d6c4be2e4a88a5877be852e197f1f9c9c120d1295acf2b4277a9badd8cfd229ef3c1ab2049d0aeec22d3033be156141
- SSDEEP
  
  1536:qgoPBGuyAy52V+gtTLq6ZUc68h8O0SB/XBboIawHUPV5bKLh8sm6b0gl:qgwBGu2IV+ghd68WOxXBbx+5of
Score

1^/10
behavioral7 behavioral8
- Target
  
  FortniteCracker/RandomUserAgent.dll
- Size
  
  328KB
- MD5
  
  839cd4ce1930eee45f55f6259468d649
- SHA1
  
  7afbde253f6adbbc68ce3655b0d5a8b9f6ec1d3b
- SHA256
  
  53331bff5e585c471fad6789313a2a8a687a586cc0a8d006b24085b91ed7fc9a
- SHA512
  
  38faabf5b03512738b98b0243be9701a5668dcd5f2daba540e5bffb0547bb0fc08bc22f62f723c8aaa8ba724fc4820b4ff608e9c0d98c3aad3d5f9609c1d536f
- SSDEEP
  
  3072:umSqPhuDg67YBnmyyiSa2Tu1BpKSE0BrudXz0dLPuY8/0VgvGSQBthFk6K9ZdneS:umSqPhuDS
Score

1^/10
behavioral10 behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

pyinstallercrealstealer

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10