crealstealer | 31723382c02a8258622764d937f24b42ee25f0894cde46c99b96a1558f426e96

General

Target

vheck.zip
Size

17.7MB
Sample

240604-s4hsmacd57
MD5

0a7c720107909c60547c6decd915bd91
SHA1

c362144d815eef8628dc330febbccfa51199c51f
SHA256

31723382c02a8258622764d937f24b42ee25f0894cde46c99b96a1558f426e96
SHA512

39cadbbfdf5796003cb61f53326ddfc6e23ef11dd39f8dee053764fb13a34a8b9f9511093a82ff73c66c63f5ce242b80d267dbb111f21a7d04e2f1e7b8fa8676
SSDEEP

393216:AW80aleeQUjXax8UPG1OjI5Ah3yysi37hNvf9WUmaXcwYa/Q2bcZVha:IlhDR1CI5AN3z3NFYUfXYa/Q2oVha

Score

10^/10

Malware Config

Targets

- Target
  
  vheck/applecleaner.exe
- Size
  
  3.6MB
- MD5
  
  f96eb2236970fb3ea97101b923af4228
- SHA1
  
  e0eed80f1054acbf5389a7b8860a4503dd3e184a
- SHA256
  
  46fe5192387d3f897a134d29c069ebf39c72094c892134d2f0e77b12b11a6172
- SHA512
  
  2fd2d28c5f571d40b43a4dd7a22d367ba42420c29627f21ca0a2052070ffb9f689d80dad638238189eed26ed19af626f47e70f1207e10007041c620dac323cc7
- SSDEEP
  
  98304:z7m+ij9HD0+jCihNRkl/W6aG/wcKnfu8NUT6Ko:e+y4ihkl/Wo/afHPb
Score

9^/10

evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1
- Target
  
  vheck/applecperm.exe
- Size
  
  14.3MB
- MD5
  
  9405b56af4d2bd0546ed27ed1d68b1ab
- SHA1
  
  8c7d5c8563f621c2cffafc9ccd4a156cfb7ec8f8
- SHA256
  
  6e997d7cdd07a8c173b569bedda6aaaf1b5ac10e5391a98c2f4593c5fc284b30
- SHA512
  
  96c6b04730ba00d6ba1bc6f90fa1e484594a39fd83b4c22a2b8646cfb1220c20cf5dc819e63ef3100ca66a3c302eb00b1d3b564e034d34b7995c20c9befc21d4
- SSDEEP
  
  393216:aiIE7YoPQMidQuslSq99oWOv+9fgEIlIQvew:D7rPQ3dQuSDorvSYEIpvf
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral2