crealstealer | b03c3ec6a842ad7548717a0099cc14d938c7da2ee33796ca7119989d4b795c99 | Triage

Submit
Reports

Overview

overview

Static

static

rosetracker.exe

windows10-2004-x64

7

Sharing

General

Target

rosetracker.exe
Size

19.1MB
Sample

240518-wftf1aff21
MD5

6931186e23c622ffb48c4a927d86f648
SHA1

bdd6200fd58d979708e2dcc598998098122cc4be
SHA256

b03c3ec6a842ad7548717a0099cc14d938c7da2ee33796ca7119989d4b795c99
SHA512

9ff441d096c040593a426c5a8f85c7cc444ada8c8d838420e7e48f5cfed1766b66413f9d754d135ebc1215f475ba88b35823c72aaec9ad711087b152fce81de2
SSDEEP

393216:JWqu7L/sQqTIKKmr2pu0tTtdQuslSl99oWOv+9qDZ1XaoI2St:gqCL0QuIKKmr2puI5dQu9DorvSC1FIL

Score

10^/10

crealstealer pyinstaller spyware stealer

Static task

static1

pyinstaller crealstealer

4 signatures

Behavioral task

behavioral1

Sample

rosetracker.exe

Resource

win10v2004-20240508-en

spyware stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  rosetracker.exe
- Size
  
  19.1MB
- MD5
  
  6931186e23c622ffb48c4a927d86f648
- SHA1
  
  bdd6200fd58d979708e2dcc598998098122cc4be
- SHA256
  
  b03c3ec6a842ad7548717a0099cc14d938c7da2ee33796ca7119989d4b795c99
- SHA512
  
  9ff441d096c040593a426c5a8f85c7cc444ada8c8d838420e7e48f5cfed1766b66413f9d754d135ebc1215f475ba88b35823c72aaec9ad711087b152fce81de2
- SSDEEP
  
  393216:JWqu7L/sQqTIKKmr2pu0tTtdQuslSl99oWOv+9qDZ1XaoI2St:gqCL0QuIKKmr2puI5dQu9DorvSC1FIL
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

pyinstallercrealstealer

behavioral1

© 2018-2025

Terms | Privacy