crealstealer | 8a78fdf56fe352e39b804faa5f544db35694ea6d0d46297d52bb66986604ab15 | Triage

Sharing

General

Target

ANDROID_RAT.rar
Size

15.8MB
Sample

240716-jq18dasann
MD5

f121b24292ab6b5c0fdc6f165f7e869d
SHA1

f5a34d026d56262ddf99b8099706d0c774b3cfb7
SHA256

8a78fdf56fe352e39b804faa5f544db35694ea6d0d46297d52bb66986604ab15
SHA512

954647af0d46b744073e642e84b91440e864c2e185ce7a1455360dc3d0065066fe9a99fe13684ad45658e871aa0ff485c43488b94c0b2d5bf4e6de97e172bd36
SSDEEP

393216:JKSn4hsYBCxVv2A6VbjSKgtB2WFVCHKSn4hsYBCxVv2A6VbjSKgtB2WFVCZ:JX+sYcVvf6VjSltxCHX+sYcVvf6VjSlQ

Score

10^/10

crealstealer pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  ANDROID_RAT.rar
- Size
  
  15.8MB
- MD5
  
  f121b24292ab6b5c0fdc6f165f7e869d
- SHA1
  
  f5a34d026d56262ddf99b8099706d0c774b3cfb7
- SHA256
  
  8a78fdf56fe352e39b804faa5f544db35694ea6d0d46297d52bb66986604ab15
- SHA512
  
  954647af0d46b744073e642e84b91440e864c2e185ce7a1455360dc3d0065066fe9a99fe13684ad45658e871aa0ff485c43488b94c0b2d5bf4e6de97e172bd36
- SSDEEP
  
  393216:JKSn4hsYBCxVv2A6VbjSKgtB2WFVCHKSn4hsYBCxVv2A6VbjSKgtB2WFVCZ:JX+sYcVvf6VjSltxCHX+sYcVvf6VjSlQ
Score

3^/10
behavioral1 behavioral2
- Target
  
  ANDROID RAT/Build 1.exe
- Size
  
  8.1MB
- MD5
  
  de516eb29dbf7dfc4fad6ece9b0006d2
- SHA1
  
  ab14d37b175dbc956c057c6f82040661740270f5
- SHA256
  
  3cd0aa003daac31a45fc62b54024afe108bfad2288667e9b8a1ce3530ee1b489
- SHA512
  
  60996d7f729bef43825e72ba9b2c53c1d681cf0e4ca58a009075d656addb4a9151ff46b1671cd12e8e7703c15557fe32083be8b392c9797e4b7930bbdf196ddd
- SSDEEP
  
  196608:K+0MhCeBTX1QFhjwt25HnuOpPOf+NIqAkL:jlAOOHuOOWuq
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral3 behavioral4
- Target
  
  Creal.pyc
- Size
  
  105KB
- MD5
  
  33c413274d516b542d7372f3b5d09eaf
- SHA1
  
  cad7903b7819be3e029c59b7b99de195d1f7ffcd
- SHA256
  
  e257b0f127b87920205378556cbdede58dd72064d73835f1c8335a930416a042
- SHA512
  
  7abcbb6472e30ed9fe31ca5aa08036c948d58983d2942b3b971fb76d62ee1c6effce16cd3c3246093f52cc14ecee2a641830751bdcca9d8cf6b5f1e43ba2876e
- SSDEEP
  
  1536:oSreO/J2vY5DA1y5ZvbZb8y0M5V49pCJlkpMkEQQU5Eyk7:oSCO/JYM3vbulrCJlki4j5Eyq
Score

3^/10
behavioral5 behavioral6
- Target
  
  ANDROID RAT/Compiler.exe
- Size
  
  8.1MB
- MD5
  
  de516eb29dbf7dfc4fad6ece9b0006d2
- SHA1
  
  ab14d37b175dbc956c057c6f82040661740270f5
- SHA256
  
  3cd0aa003daac31a45fc62b54024afe108bfad2288667e9b8a1ce3530ee1b489
- SHA512
  
  60996d7f729bef43825e72ba9b2c53c1d681cf0e4ca58a009075d656addb4a9151ff46b1671cd12e8e7703c15557fe32083be8b392c9797e4b7930bbdf196ddd
- SSDEEP
  
  196608:K+0MhCeBTX1QFhjwt25HnuOpPOf+NIqAkL:jlAOOHuOOWuq
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral7 behavioral8
- Target
  
  Creal.pyc
- Size
  
  105KB
- MD5
  
  33c413274d516b542d7372f3b5d09eaf
- SHA1
  
  cad7903b7819be3e029c59b7b99de195d1f7ffcd
- SHA256
  
  e257b0f127b87920205378556cbdede58dd72064d73835f1c8335a930416a042
- SHA512
  
  7abcbb6472e30ed9fe31ca5aa08036c948d58983d2942b3b971fb76d62ee1c6effce16cd3c3246093f52cc14ecee2a641830751bdcca9d8cf6b5f1e43ba2876e
- SSDEEP
  
  1536:oSreO/J2vY5DA1y5ZvbZb8y0M5V49pCJlkpMkEQQU5Eyk7:oSCO/JYM3vbulrCJlki4j5Eyq
Score

3^/10
behavioral10 behavioral9
- Target
  
  ANDROID RAT/Readme.txt
- Size
  
  330B
- MD5
  
  e71135b7ddb055d9450bfa8409c66973
- SHA1
  
  66172baac422373991ba4766069ad22c95957dcd
- SHA256
  
  d4486d5f321df7389acefc24e6e0996b55912ffa2256f29d8d3bbb9a713d9d59
- SHA512
  
  e43215947c9bed12918b40c9dedc438672455494f1172f4df8877ddda0f881b0b88c7c61af335f755187793615b5ecb01453b61530a764c506a0a4eab28c4fa8
Score

1^/10
behavioral11 behavioral12
- Target
  
  ANDROID RAT/Run first.bat
- Size
  
  161B
- MD5
  
  6e850049ee08bf9ed50bfdee6e6934c5
- SHA1
  
  4fcf058207a8c7acbbb08a8c752dc803c66c6963
- SHA256
  
  65df947f76e4c904718c25a0a318ca6f35bdd2328c818ee3b09d75f0f43fa710
- SHA512
  
  3cd1a3098791670756f8151a952b12183e8d74aac28809afb3433565b40dc2d583648d479ab064345c9409f7cb534504ec471cfdfd884a1d420341c975d55609
Score

1^/10
behavioral13 behavioral14

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

pyinstallercrealstealer

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14