crealstealer | efa52ea19da5beacf2478e527e73f9e894fd189163683d08cfe061e683584ff3 | Triage

Sharing

General

Target

Setup.exe
Size

14.4MB
Sample

240526-ajm8haff7s
MD5

fbdf101900056c2da40a9fe3ed4e53f6
SHA1

a22e6725bb1e031999e0f6c70b286edb44cede3b
SHA256

efa52ea19da5beacf2478e527e73f9e894fd189163683d08cfe061e683584ff3
SHA512

8959634956f2df0e1d8cf49a9618c12f8ba7cb9ddf6b04da9dc32f29a3690d0de3886dd7f81c1f4e99bc8c469da43c0d6905738d671a4b44a6f2e3917fd1adbd
SSDEEP

196608:chL6Ekv0sKYu/PaQ+DuhflMFdQmRJ8dA6lSuqaycBIGpE2o6hTOv+QKfwJTXDz/r:5EkZQudQuslSq99oWOv+9fgT1AOge3h

Score

10^/10

crealstealer pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  Setup.exe
- Size
  
  14.4MB
- MD5
  
  fbdf101900056c2da40a9fe3ed4e53f6
- SHA1
  
  a22e6725bb1e031999e0f6c70b286edb44cede3b
- SHA256
  
  efa52ea19da5beacf2478e527e73f9e894fd189163683d08cfe061e683584ff3
- SHA512
  
  8959634956f2df0e1d8cf49a9618c12f8ba7cb9ddf6b04da9dc32f29a3690d0de3886dd7f81c1f4e99bc8c469da43c0d6905738d671a4b44a6f2e3917fd1adbd
- SSDEEP
  
  196608:chL6Ekv0sKYu/PaQ+DuhflMFdQmRJ8dA6lSuqaycBIGpE2o6hTOv+QKfwJTXDz/r:5EkZQudQuslSq99oWOv+9fgT1AOge3h
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2
- Target
  
  Creal.pyc
- Size
  
  63KB
- MD5
  
  ee0055e1fb8768b3cdc8d2acab5773e6
- SHA1
  
  cdc4dd7162f117795ae645b17bcc2bd0bf55f52e
- SHA256
  
  32fec5cb744d65fab53f54724f237218ee273f4f000e969f9e24a172043a518b
- SHA512
  
  b5621830de8f794a0c334207fb41872bac533f62a5745cdb3712d36f6eb18f1e835000919c09a73da5adef3264a400bc2765736f9b71643e19918322df8a80c2
- SSDEEP
  
  1536:SuHDrbe3uzTZMB7aK1HR6LGujeqoukYCCcnk7P2Raw:tHDHe3uz0Bb6bsnk7Pa
Score

6^/10
- Legitimate hosting services abused for malware hosting/C2
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

pyinstallercrealstealer

behavioral1

behavioral2

behavioral3

behavioral4