Overview

overview

10

Static

static

10

index.exe

windows7-x64

7

index.exe

windows10-2004-x64

9

Creal.pyc

windows7-x64

3

Creal.pyc

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    index.exe

  • Size

    13.2MB

  • Sample

    240726-tdqwzs1fma

  • MD5

    b19ecc85f6fb66a7284923be049659cd

  • SHA1

    23d8ffbf1f0dd96538124c80481e7676bbd392fb

  • SHA256

    077fbfcf6bbc5690d8f7ad368a6414a0ca3ca4117d148e637b0ea07146c69809

  • SHA512

    e030cf7383f1ea05f9af400034e0f6673ecbda6f25a24ee98e467555cebf41b3ce56cf3e11c02af33baaa25293fd74a62a818cd81a08c40f2c600c41a53c2051

  • SSDEEP

    393216:iEkcqY4q1+TtIiF0Y9Z8D8Ccl6lnmEaUzlewA/Wm5R+:ikD4q1QtILa8DZcIlmgUd7z+

Score
10/10
crealstealercredential_accessdiscoverypyinstallerspywarestealer

Malware Config

Targets

    • Target

      index.exe

    • Size

      13.2MB

    • MD5

      b19ecc85f6fb66a7284923be049659cd

    • SHA1

      23d8ffbf1f0dd96538124c80481e7676bbd392fb

    • SHA256

      077fbfcf6bbc5690d8f7ad368a6414a0ca3ca4117d148e637b0ea07146c69809

    • SHA512

      e030cf7383f1ea05f9af400034e0f6673ecbda6f25a24ee98e467555cebf41b3ce56cf3e11c02af33baaa25293fd74a62a818cd81a08c40f2c600c41a53c2051

    • SSDEEP

      393216:iEkcqY4q1+TtIiF0Y9Z8D8Ccl6lnmEaUzlewA/Wm5R+:ikD4q1QtILa8DZcIlmgUd7z+

    Score
    9/10
    credential_accessdiscoveryspywarestealer

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

      discovery
    behavioral1behavioral2

    • Target

      Creal.pyc

    • Size

      108KB

    • MD5

      827fee64b0b3073f98bd0c945081f337

    • SHA1

      1bd490373e23f3db124f2049bf0081258b836139

    • SHA256

      67c6aab3dc0f448c4b4de7c0fce857961e098986ccabb7c71fb9f48aef29aad2

    • SHA512

      dd85c046bac960cfb4f2bb432ec5eee74e8fbfc48fbbb1727f9c140acf6fff2ff47ffb84828abf9ea470a2eb4216607f5ed062065345a1719f54d0780ab2fbc7

    • SSDEEP

      3072:nV7MaNdUcd63LDAFT8+IiEssh00mH0PtZ8IKEDRc:aQUgW33Hlc

    Score
    3/10
    discovery
    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks