General
-
Target
builder.exe
-
Size
14.3MB
-
Sample
240820-22q6nasajr
-
MD5
0ad57b220794fa7ea977c2febf932710
-
SHA1
fea4a079c63ac9c12efbd7e6e04d19d6cd8819a5
-
SHA256
f41530b3fa407d4ad80f76356f939b85d70b0b95858608de8149c0e54331eeca
-
SHA512
d420e8694d7c4209a0beff7927616053258858e04c2eba2000a30ced1721c96741a6b143a7a70edd882380a38608ccd874c376e4ceadcf0d47269fb060784a1b
-
SSDEEP
393216:ku7L/sQQdQuslSq9RoWOv+9fggR6iM40Fe:kCL0QQdQuSborvSYgor9F
Behavioral task
behavioral1
Sample
builder.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
builder.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
Creal.pyc
Resource
win7-20240729-en
Behavioral task
behavioral4
Sample
Creal.pyc
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
builder.exe
-
Size
14.3MB
-
MD5
0ad57b220794fa7ea977c2febf932710
-
SHA1
fea4a079c63ac9c12efbd7e6e04d19d6cd8819a5
-
SHA256
f41530b3fa407d4ad80f76356f939b85d70b0b95858608de8149c0e54331eeca
-
SHA512
d420e8694d7c4209a0beff7927616053258858e04c2eba2000a30ced1721c96741a6b143a7a70edd882380a38608ccd874c376e4ceadcf0d47269fb060784a1b
-
SSDEEP
393216:ku7L/sQQdQuslSq9RoWOv+9fggR6iM40Fe:kCL0QQdQuSborvSYgor9F
Score9/10-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Drops startup file
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Enumerates processes with tasklist
-
-
-
Target
Creal.pyc
-
Size
118KB
-
MD5
a50bb5d6acabe424d02dab1a91280871
-
SHA1
9f6e043edc153b78799cba50030f8b0fd8da2824
-
SHA256
71ce8d96ade33e71f4ebb46af96d45c8bf0e7fadba447530ca1d720d5e9fc2e4
-
SHA512
b53bbee2ffd5c6eba9b0a488a71279196b693ff04aa61af7fe7e01fbf6b8787052b0de3571e4b69f3ad34e0980bd38208ff791a79f75b5ea3d6e3027abd09d7e
-
SSDEEP
1536:WbrYtvlAgeRcHMP00jnR0yduQhK3URTLm4SFQxUhf0tjILmnbyc5YE0cV:WbktvlDYjqj93AxUf05v5YEH
Score3/10 -
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
3Credentials In Files
3