crealstealer | 1b0f8b7a56eedd6416a91dff43c83a15ae2e4ddb966412e5abdc1acefeb8f6c2

General

Target

sysEXEC.zip
Size

18.8MB
Sample

240618-hpyv7a1hqh
MD5

b64337c77cb62ff48d87955db53a863f
SHA1

e3c23ab913f0fbe28e2be66f643085b3cdb57e55
SHA256

1b0f8b7a56eedd6416a91dff43c83a15ae2e4ddb966412e5abdc1acefeb8f6c2
SHA512

c5b1e678b65b485daf313541e43de1ae57a55ee06e48e9b6084c8dfb9702248ffd2f9d976a525ad4acaf486d05cad764c77231ad952635bf36a969f75d3bee89
SSDEEP

393216:7oZJFDY1RYfK3/ayMJ/sK43Z7/oSQlo0ztn17fOq:7oZJq1RYfKDMJ/sK4pTobllzt17Wq

Score

10^/10

Malware Config

Targets

- Target
  
  sysEXEC/deter.dll
- Size
  
  2.4MB
- MD5
  
  e0035f1415ad57390e035a1924e66699
- SHA1
  
  aea268dd8cde0f81847b5faf31914e5def3e3905
- SHA256
  
  77f70788f86eb2118c62505b12857fc9ecec67ddda00c9ae763e30f4d2001973
- SHA512
  
  dae404a831f3acb504210aecf24838ee4a86f46ff389c090dce85d7f3dcd23395cd4f475143b619b142319e0b610a063d07ab51a26aa3a5b08d48e41112e6a53
- SSDEEP
  
  49152:fQB8FXngzuLOerj6QSKFsZ+5xtRvBZmYxx3zpWSkdP1uYMOD6Gy2MS:fQB8lgzu9f6QSKFnBp/P9xs1uYMy6dy
Score

1^/10
behavioral1 behavioral2
- Target
  
  sysEXEC/quickDrop.dll
- Size
  
  2.0MB
- MD5
  
  0911c00b81b90ea126d46a1bd5c2933f
- SHA1
  
  bf59ae80d8b72ad1d805ee806803d932bb02044a
- SHA256
  
  dafbdacac1b68e0d615bd5d6550a472800e37f1c8cbda9064c61cefb4c29435d
- SHA512
  
  43442e93725024c0b98c6d958f995830436adb676ab1d6b12e9fbf9b6bf78dc02b9ce7ddeef957b61105440349b1b7d88c8db4951ad344796b891d2baf113bf9
- SSDEEP
  
  24576:AqTkBkEU283mDQYaL/el5XOgE3LWC1MsDvHKuzPgqf/r4MOKbcQzKhkziZ68EbaN:lmkE6Wgel5XGZvRPLNO5QzK3g8EehHik
Score

1^/10
behavioral3 behavioral4
- Target
  
  sysEXEC/sysEXEC.exe
- Size
  
  14.5MB
- MD5
  
  02d12d780b93209fad2a6dc29716b278
- SHA1
  
  d425f1c11190044e07be7c87845a0a89203fec9e
- SHA256
  
  1302f2c7054ea7194ce07428af0c2fa00c46e2d27fb96e7734f09cdab139b1a5
- SHA512
  
  6f9c5a62742049f0218ddcf59ef880f231809010cbad3954197616036828839893b2af38137c419732f2a3dda8f41b32a8ad4845b48c1bb506f52ad0448241b1
- SSDEEP
  
  393216:LEkZQ0dQuslSq99oWOv+9fgWtRT7k3he:LhQ0dQuSDorvSYWtl74h
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2

T1552

Credentials In Files

2

T1552.001

Discovery

Process Discovery

1

T1057

Lateral Movement

Collection

Data from Local System

2

T1005

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Drops startup file

Loads dropped DLL

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Looks up external IP address via web service

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6