crealstealer | bb7bfe39f1aa1ec4ef6463630c97d5186de1a4593488f11f2ed2498b5a3f7597 | Triage

Sharing

General

Target

fpsbooster.exe
Size

10.6MB
Sample

240606-p4kqfafd35
MD5

ae8472fb1d1cd4b552e713c496a8ea5c
SHA1

974a150578fe2879b9f16c50d8c6ce722457d440
SHA256

bb7bfe39f1aa1ec4ef6463630c97d5186de1a4593488f11f2ed2498b5a3f7597
SHA512

f725e799abe0cf0f6a21968d06259f44f2efdfb170e1c59e06cc51806c7ecbf8d42c237ac693e5d03d67ab545dc8eab90835e753968d4559b792c297026f1fed
SSDEEP

196608:kzEkobwrHLDuWJysVYvsOIroyMxxvjDDAxlfe6df/dHzmHZ3v9oxXTya+BuGPlsh:mEkomHmWJZoyMxtDDAxlfxdf/dHWZ3lO

Score

10^/10

crealstealer pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  fpsbooster.exe
- Size
  
  10.6MB
- MD5
  
  ae8472fb1d1cd4b552e713c496a8ea5c
- SHA1
  
  974a150578fe2879b9f16c50d8c6ce722457d440
- SHA256
  
  bb7bfe39f1aa1ec4ef6463630c97d5186de1a4593488f11f2ed2498b5a3f7597
- SHA512
  
  f725e799abe0cf0f6a21968d06259f44f2efdfb170e1c59e06cc51806c7ecbf8d42c237ac693e5d03d67ab545dc8eab90835e753968d4559b792c297026f1fed
- SSDEEP
  
  196608:kzEkobwrHLDuWJysVYvsOIroyMxxvjDDAxlfe6df/dHzmHZ3v9oxXTya+BuGPlsh:mEkomHmWJZoyMxtDDAxlfxdf/dHWZ3lO
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1
- Target
  
  creal.pyc
- Size
  
  33KB
- MD5
  
  a59bb4d78214a55e59a045da4a26e443
- SHA1
  
  e560582449e8c14f856f0d2b3d78a7493ebaec2a
- SHA256
  
  961cb2aade667d7af77ef9aa4faa045bd89fdee37557a567c57b39691dbf429e
- SHA512
  
  6d9492ee82a5c5a326f6bf9c33537b8ac0a561f8e3800f0bee598d2a308879debb13953e48a36e0d03c3d50af7cf652f22a18f1b72fb4b86113416571bda1496
- SSDEEP
  
  768:7S9qQoEEnrVJM4rddjrdCtLy+4qJR6v7HO0T0FTtFOzTPElDO0Cv:7+XarsMdjrAti9T0FTtEbEQ02
Score

3^/10
behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

pyinstallercrealstealer

behavioral1

behavioral2