crealstealer | 6fe923c5054f39c39dcd60025cf6f2f870957e86e8f1a5f8eb1df2ed71bc9e64 | Triage

Submit
Reports

Overview

overview

Static

static

Script_blo...it.exe

windows7-x64

7

Script_blo...it.exe

windows10-2004-x64

7

Sharing

General

Target

Script_blox_fruit_give_Fruit.exe
Size

14.3MB
Sample

240612-kvsx8swgpe
MD5

6313c71d2076312989efb6cfd1fbf571
SHA1

fe744b3cc2e94623b5f9ddcff95dc4fcecf56e45
SHA256

6fe923c5054f39c39dcd60025cf6f2f870957e86e8f1a5f8eb1df2ed71bc9e64
SHA512

e0991c82ef1a157a1f12ad5629b01525572e3b282938c788c4968e770a8cc43e4d6da823e96a626870245acb567fdf689e90ae0576f01004f1086c760e475c83
SSDEEP

196608:th0sKYu/PaQ+Duvf7ndQmRJ8dA6lSuqaycBIGpEqo6hTOv+QKfwJN7vGlrh/lBYq:9QPndQuslSq9RoWOv+9fgNoBQz57m

Score

10^/10

crealstealer pyinstaller spyware stealer

Static task

static1

pyinstaller crealstealer

4 signatures

Behavioral task

behavioral1

Sample

Script_blox_fruit_give_Fruit.exe

Resource

win7-20240419-en

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

Script_blox_fruit_give_Fruit.exe

Resource

win10v2004-20240611-en

spyware stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  Script_blox_fruit_give_Fruit.exe
- Size
  
  14.3MB
- MD5
  
  6313c71d2076312989efb6cfd1fbf571
- SHA1
  
  fe744b3cc2e94623b5f9ddcff95dc4fcecf56e45
- SHA256
  
  6fe923c5054f39c39dcd60025cf6f2f870957e86e8f1a5f8eb1df2ed71bc9e64
- SHA512
  
  e0991c82ef1a157a1f12ad5629b01525572e3b282938c788c4968e770a8cc43e4d6da823e96a626870245acb567fdf689e90ae0576f01004f1086c760e475c83
- SSDEEP
  
  196608:th0sKYu/PaQ+Duvf7ndQmRJ8dA6lSuqaycBIGpEqo6hTOv+QKfwJN7vGlrh/lBYq:9QPndQuslSq9RoWOv+9fgNoBQz57m
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

pyinstallercrealstealer

behavioral1

behavioral2

© 2018-2024

Terms | Privacy