General
- Target: CrealStealerV2.exe
- Size: 19.7MB
- Sample: 240529-wb9mesda35
- MD5: f5a54011e1b355c0b117269974fe0f16
- SHA1: e1f5151e4b5b3f8288e9f79e6c6591619f8320a2
- SHA256: 9441bc83063ce4c70bce9b9f5a3ed43f4f1a8d99351e2daf3299ba5efa7bef52
- SHA512: e5b043b8c1d731f92e80747b28f3695898043ead5cf92a4725849d09e7364f089596ab3d85895e7ead80e754c72ad218f38c99358cb125c09c988320f6d785f1
- SSDEEP: 393216:jEkQLQl3pUTLfhJpdQuslal99oWOv+9fgyouZ9V/:jYQPUTLJDdQu/DorvSYyoKV
Behavioral tasks
- behavioral1: Sample CrealStealerV2.exe, Resource win7-20240221-en
- behavioral2: Sample CrealStealerV2.exe, Resource win10v2004-20240508-en
- behavioral3: Sample blxstealer.pyc, Resource win7-20240221-en
- behavioral4: Sample blxstealer.pyc, Resource win10v2004-20240426-en
Malware Config

Targets

Target: CrealStealerV2.exe
- Size: 19.7MB
- MD5: f5a54011e1b355c0b117269974fe0f16
- SHA1: e1f5151e4b5b3f8288e9f79e6c6591619f8320a2
- SHA256: 9441bc83063ce4c70bce9b9f5a3ed43f4f1a8d99351e2daf3299ba5efa7bef52
- SHA512: e5b043b8c1d731f92e80747b28f3695898043ead5cf92a4725849d09e7364f089596ab3d85895e7ead80e754c72ad218f38c99358cb125c09c988320f6d785f1
- SSDEEP: 393216:jEkQLQl3pUTLfhJpdQuslal99oWOv+9fgyouZ9V/:jYQPUTLJDdQu/DorvSYyoKV

Signatures:
- Drops startup file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
Target: blxstealer.pyc
- Size: 40KB
- MD5: cba2a703123ef875021dc9fc61f577fa
- SHA1: b71f512dc1b68258465583ee87819b608297b21a
- SHA256: 01d67454abbd85315af581942caeec7c2e2a276fd32bd1617e427970f6ef88e9
- SHA512: 3e8d719b6eb40de4d0e5842f99da49922d33d3df9ffe89342600a17c1e325745ea66c6da010f6140c5dd15b10451ee9eacf88d9b3ae780ed4fa86cdcc1626b90
- SSDEEP: 768:Rlq+ewxN8Rx+QVgASZgOR3a1EIhwVoUV8jHrsdHIl00qAhItnEaRwC:6KuR5EfshwVJViV3qAhIfR9

Score: 3/10