crealstealer | 954729e3ee0bd5cb33f3c8fdbc8f7e7cbe886eb7b809f9292d812cff398d48f1 | Triage

Sharing

General

Target

Neverdies.cc.exe
Size

14.4MB
Sample

240609-h7c2fagc44
MD5

4a7e31f21d2ad053af1b62535b9b8b88
SHA1

499c99baa624d8c6bfa567de7bbe55e1862bbb12
SHA256

954729e3ee0bd5cb33f3c8fdbc8f7e7cbe886eb7b809f9292d812cff398d48f1
SHA512

78a3a41f1b65ef66f9efaf82c1918b7bbc7ab3d2370541851003359bbd55df23ae5898f47469783173cd31bdb85c871b28394736233a62b7897d6840e2ac785d
SSDEEP

393216:kEkZQrdQuslSq99oWOv+9fgwuk49Dudy3h:khQrdQuSDorvSYwukgu4h

Score

10^/10

crealstealer pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  Neverdies.cc.exe
- Size
  
  14.4MB
- MD5
  
  4a7e31f21d2ad053af1b62535b9b8b88
- SHA1
  
  499c99baa624d8c6bfa567de7bbe55e1862bbb12
- SHA256
  
  954729e3ee0bd5cb33f3c8fdbc8f7e7cbe886eb7b809f9292d812cff398d48f1
- SHA512
  
  78a3a41f1b65ef66f9efaf82c1918b7bbc7ab3d2370541851003359bbd55df23ae5898f47469783173cd31bdb85c871b28394736233a62b7897d6840e2ac785d
- SSDEEP
  
  393216:kEkZQrdQuslSq99oWOv+9fgwuk49Dudy3h:khQrdQuSDorvSYwukgu4h
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2
- Target
  
  Creal.pyc
- Size
  
  124KB
- MD5
  
  7e638d95765c88f6d01dce034d53ca0e
- SHA1
  
  72286c4d26816ee6fdc869f57e7b630f4bd2e362
- SHA256
  
  af5d87c49635330b02bd8a7195acff314121a836b74be3d87af3c1a99426bd1c
- SHA512
  
  d04f46bc420dc12a0420b7f8d6686961d3db81b0810c2c320c8d44ba880e5ce15be1e7a5bb5b83a46f3cb2ea054be2ce825ac73873a9a496385e240028a5ca50
- SSDEEP
  
  1536:fuODrte3uzTZMB7aK1AQ0aqmr18wfshcO7QHeL1vh/sKw1GqipatcRU1fVc1mNj0:2ODBe3uz0BxDqm/+fr7w7q
Score

3^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

pyinstallercrealstealer

behavioral1

behavioral2

behavioral3

behavioral4