Overview

overview

9

Static

static

3

cstealer.exe

windows7-x64

7

cstealer.exe

windows10-2004-x64

9

cstealer.pyc

windows7-x64

3

cstealer.pyc

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cstealer.exe

  • Size

    11.0MB

  • Sample

    240805-y3rxss1cmh

  • MD5

    b4b661eec8fd7da2e4c192cbf8a1b15e

  • SHA1

    08269aea21c2a960f9e3a47afb97dc5468d0f4d5

  • SHA256

    8f511b93fda434147a3d0b5d05d209fb30be3c7a4ce3d4e23e83361701968bdc

  • SHA512

    6976dcd64fc0d85130bcc2ea22d2b61aa2bca6ec4286a3c87faef1dbfa988be90ec925caffd08b5cee0c36bd3f3388d93aac651f3e549740fc2c85e3e4328e5c

  • SSDEEP

    196608:UJvEkYclwuLIRBA1HeT39Iigwh1ncKOVVtcTSE37tqtQ1NjOx74U:AEkYcWxq1+TtIiFv0VQOCg6Cl

Score
9/10
credential_accessdiscoverypyinstallerspywarestealer

Malware Config

Targets

    • Target

      cstealer.exe

    • Size

      11.0MB

    • MD5

      b4b661eec8fd7da2e4c192cbf8a1b15e

    • SHA1

      08269aea21c2a960f9e3a47afb97dc5468d0f4d5

    • SHA256

      8f511b93fda434147a3d0b5d05d209fb30be3c7a4ce3d4e23e83361701968bdc

    • SHA512

      6976dcd64fc0d85130bcc2ea22d2b61aa2bca6ec4286a3c87faef1dbfa988be90ec925caffd08b5cee0c36bd3f3388d93aac651f3e549740fc2c85e3e4328e5c

    • SSDEEP

      196608:UJvEkYclwuLIRBA1HeT39Iigwh1ncKOVVtcTSE37tqtQ1NjOx74U:AEkYcWxq1+TtIiFv0VQOCg6Cl

    Score
    9/10
    credential_accessdiscoveryspywarestealer

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

    • Target

      cstealer.pyc

    • Size

      67KB

    • MD5

      4d8dc814d9c811129cc5ea5116669528

    • SHA1

      74545247fa3d73a5b8e5b1e87733bf15eb96af52

    • SHA256

      346c674b23275075430eb52fb7a38f8898bd047716619cf0d0c48bc0ae353363

    • SHA512

      710f02fc6883b401c9790f12a4bb4243c6c8fc7cf784cf8ccc4514bbdb672fb3970ecdaec1e64e06d123406a2db6f7e3c27b71460bbe4cd9b7e31e5c2b0924c4

    • SSDEEP

      1536:l0xqOgPxpqBJlMstbo88jLQQFX3qS0Vr+LRheG:lq4/+bo88PDXh0r+LRP

    Score
    3/10
    discovery
    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks