General

  • Target

    CrealStealerV2.exe

  • Size

    19.7MB

  • Sample

    240529-wb9mesda35

  • MD5

    f5a54011e1b355c0b117269974fe0f16

  • SHA1

    e1f5151e4b5b3f8288e9f79e6c6591619f8320a2

  • SHA256

    9441bc83063ce4c70bce9b9f5a3ed43f4f1a8d99351e2daf3299ba5efa7bef52

  • SHA512

    e5b043b8c1d731f92e80747b28f3695898043ead5cf92a4725849d09e7364f089596ab3d85895e7ead80e754c72ad218f38c99358cb125c09c988320f6d785f1

  • SSDEEP

    393216:jEkQLQl3pUTLfhJpdQuslal99oWOv+9fgyouZ9V/:jYQPUTLJDdQu/DorvSYyoKV

Malware Config

Targets

    • Target

      CrealStealerV2.exe

    • Size

      19.7MB

    • MD5

      f5a54011e1b355c0b117269974fe0f16

    • SHA1

      e1f5151e4b5b3f8288e9f79e6c6591619f8320a2

    • SHA256

      9441bc83063ce4c70bce9b9f5a3ed43f4f1a8d99351e2daf3299ba5efa7bef52

    • SHA512

      e5b043b8c1d731f92e80747b28f3695898043ead5cf92a4725849d09e7364f089596ab3d85895e7ead80e754c72ad218f38c99358cb125c09c988320f6d785f1

    • SSDEEP

      393216:jEkQLQl3pUTLfhJpdQuslal99oWOv+9fgyouZ9V/:jYQPUTLJDdQu/DorvSYyoKV

    Score
    7/10
    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data such as saved credentials, session cookies and autofill entries.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      blxstealer.pyc

    • Size

      40KB

    • MD5

      cba2a703123ef875021dc9fc61f577fa

    • SHA1

      b71f512dc1b68258465583ee87819b608297b21a

    • SHA256

      01d67454abbd85315af581942caeec7c2e2a276fd32bd1617e427970f6ef88e9

    • SHA512

      3e8d719b6eb40de4d0e5842f99da49922d33d3df9ffe89342600a17c1e325745ea66c6da010f6140c5dd15b10451ee9eacf88d9b3ae780ed4fa86cdcc1626b90

    • SSDEEP

      768:Rlq+ewxN8Rx+QVgASZgOR3a1EIhwVoUV8jHrsdHIl00qAhItnEaRwC:6KuR5EfshwVJViV3qAhIfR9

    Score
    3/10
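The two targets above give four file hashes each. As an added example, not part of the sandbox report or of the sample itself, the Python script below turns those hashes into an indicator set and hunts for them on disk, matching on any one algorithm so that a partial indicator (for instance an MD5 alone from a threat feed) still produces a hit. The temporary directory, the `notes.txt` file and the `constructed-sample` indicator set are constructed here so that the script runs offline.

```python
"""IOC hash matcher built from the file hashes in the sandbox report above.

Added example; not part of the original report or the sample's code.
"""
import hashlib
import os
import tempfile

# Hashes copied from the report above (CrealStealerV2.exe and blxstealer.pyc).
REPORT_IOCS = {
    "CrealStealerV2.exe": {
        "md5": "f5a54011e1b355c0b117269974fe0f16",
        "sha1": "e1f5151e4b5b3f8288e9f79e6c6591619f8320a2",
        "sha256": "9441bc83063ce4c70bce9b9f5a3ed43f4f1a8d99351e2daf3299ba5efa7bef52",
        "sha512": "e5b043b8c1d731f92e80747b28f3695898043ead5cf92a4725849d09e7364f08"
                  "9596ab3d85895e7ead80e754c72ad218f38c99358cb125c09c988320f6d785f1",
    },
    "blxstealer.pyc": {
        "md5": "cba2a703123ef875021dc9fc61f577fa",
        "sha1": "b71f512dc1b68258465583ee87819b608297b21a",
        "sha256": "01d67454abbd85315af581942caeec7c2e2a276fd32bd1617e427970f6ef88e9",
        "sha512": "3e8d719b6eb40de4d0e5842f99da49922d33d3df9ffe89342600a17c1e325745"
                  "ea66c6da010f6140c5dd15b10451ee9eacf88d9b3ae780ed4fa86cdcc1626b90",
    },
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digest_file(path, chunk_size=1 << 20):
    """Return {algorithm: hexdigest} for one file, streaming it in 1 MiB chunks
    so a 19.7 MB sample is never read into memory at once."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def build_index(iocs):
    """Invert {label: {alg: hex}} into {(alg, hex): label} for O(1) lookups;
    indicator values are lower-cased so feed formatting does not matter."""
    index = {}
    for label, hashes in iocs.items():
        for alg, value in hashes.items():
            index[(alg.lower(), value.lower())] = label
    return index


def match_iocs(digests, iocs):
    """Return the sorted labels whose indicator set matches on any algorithm."""
    index = build_index(iocs)
    hits = {index[(alg, value)] for alg, value in digests.items() if (alg, value) in index}
    return sorted(hits)


def scan_directory(root, iocs):
    """Walk `root` and return {path: [matched labels]} for every file that hits."""
    findings = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                labels = match_iocs(digest_file(path), iocs)
            except OSError:
                continue  # unreadable file (permissions, vanished) is skipped, not fatal
            if labels:
                findings[path] = labels
    return findings


def demo():
    """Constructed demo: a benign file must not match the report's indicators,
    while a hypothetical indicator set built from that file's own SHA-256 must."""
    with tempfile.TemporaryDirectory() as tmp:
        benign = os.path.join(tmp, "notes.txt")  # constructed, not from the report
        with open(benign, "wb") as fh:
            fh.write(b"hello")
        no_hits = scan_directory(tmp, REPORT_IOCS)
        fake_iocs = {"constructed-sample": {"sha256": digest_file(benign)["sha256"]}}
        hits = scan_directory(tmp, fake_iocs)
    return no_hits, hits


if __name__ == "__main__":
    print(demo())
```

Hash matching only catches byte-identical copies; a repacked build of the same stealer will miss, which is why the report also carries SSDEEP values for fuzzy comparison.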

MITRE ATT&CK Enterprise v15

Tasks