crealstealer | 6aceeac6f374351f34b9cd3fa36198ca5b6835b83f8c8433fcfd1c2ffb13a6b3 | Triage

Sharing

General

Target

Luna-Grabber-Main-main.zip
Size

19.6MB
Sample

240703-sewyysvapa
MD5

266942919795bf1bd4942fd71871da92
SHA1

7e091b2465d2e50875128a1aa9e921fb6c65db40
SHA256

6aceeac6f374351f34b9cd3fa36198ca5b6835b83f8c8433fcfd1c2ffb13a6b3
SHA512

0f655c688a4a3e9cac8b2204cba412c66335876f53988dd2408b99cd2aa4f75c8296f8e6ee3f87aecbb3e044340b483dd74f595901b30c4026762b798309b86e
SSDEEP

393216:1h6KmqySo7UsqhG3US2et9XbPOs7HbALhdvItm7MWDDg5q+:TTmqySow3G3US2enPOpzGWV+

Score

10^/10

crealstealer pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  Luna-Grabber-Main-main.zip
- Size
  
  19.6MB
- MD5
  
  266942919795bf1bd4942fd71871da92
- SHA1
  
  7e091b2465d2e50875128a1aa9e921fb6c65db40
- SHA256
  
  6aceeac6f374351f34b9cd3fa36198ca5b6835b83f8c8433fcfd1c2ffb13a6b3
- SHA512
  
  0f655c688a4a3e9cac8b2204cba412c66335876f53988dd2408b99cd2aa4f75c8296f8e6ee3f87aecbb3e044340b483dd74f595901b30c4026762b798309b86e
- SSDEEP
  
  393216:1h6KmqySo7UsqhG3US2et9XbPOs7HbALhdvItm7MWDDg5q+:TTmqySow3G3US2enPOpzGWV+
Score

1^/10
behavioral1 behavioral2
- Target
  
  Luna-Grabber-Main-main/README.md
- Size
  
  4KB
- MD5
  
  a0181ae79a3cfa8c3a43370e3ec5b200
- SHA1
  
  b11c663c816c2a81aab9945a3e0602133ba6d1ce
- SHA256
  
  cfc5cb06d6c2f71f91f094375797eebf18a2f4364e501847b3ab35c96b0da362
- SHA512
  
  277546a0383eead7dae8a0d28fb1246b6af1e0cc5ddcd72b7d6a6aaa8e2f5c7ff02157ecb80f47b0bf9c8d6bbba2fb94007f6dd269136b7862952b5d5afeae23
- SSDEEP
  
  96:XIdEekYRkDkKk/NGFXZ2dAvBmVKrhBkCU5vOYNElf:Xb/I11GBkZ2YxEJ
Score

3^/10
behavioral3 behavioral4
- Target
  
  Luna-Grabber-Main-main/builder.exe
- Size
  
  19.8MB
- MD5
  
  95419e62271175d0d3b3306b0befffb3
- SHA1
  
  e5a126c4d582372385212d804658056651599d95
- SHA256
  
  394a76cae20c6d644a5f9a12099b48ee2058f6b03ff3f83805bb5d078248cb8c
- SHA512
  
  5d2de343eb27d2bc471f7368debe98665c07a3a1a79ab2e2b084312f807db07697aa3f3a79b1b683c54b364020f012f812a8018fecf08419011f6945da4771bf
- SSDEEP
  
  393216:MQtstvdqJr7M5liAdQJlOwF3MnG3otl5cGaABo1edW3zCd1Z5Z:MQtstVA7M5lndQD3MGYNjbCOf
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral5 behavioral6
- Target
  
  Creal.pyc
- Size
  
  55KB
- MD5
  
  2a27c5a2380383e0eef2ee5d7e2e355d
- SHA1
  
  7896926b0fd1fb7027b32ea9e211b531231584b8
- SHA256
  
  aac7ee2790a33f22c1dac95d9b858f6bcc4b952ff059a3c9af40f893a14be5b3
- SHA512
  
  cb9b275565142b7a8fb1f42c9101c067f02d75dadd4bdd08752c92eca4b46c71bb83b9565155c85f4a1aa58db1efea11a73346be0da71c4d71508a0fa8d2a5f5
- SSDEEP
  
  768:s7WnrgpVIVk9+X6GpX0xoWyWtXt4OXXFFYAl/fBS5AZFm/bj3+eO3Wb38f:Dr47+LtaoULXFFYAyiUj3aWb3y
Score

3^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

pyinstallercrealstealer

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8