crealstealer | f7110ae75ffe30c4d84780385ea584d7acf7bea83b24b27ab2cd8d83c7799ad6

General

Target

Stealerium.rar
Size

6.3MB
Sample

250106-affdgszkhx
MD5

9da7fe386a49a17afe0060a80bb883ed
SHA1

cee140a33f3d7d861ade13e1800e9549c0cf6736
SHA256

f7110ae75ffe30c4d84780385ea584d7acf7bea83b24b27ab2cd8d83c7799ad6
SHA512

723adeab975d92d8c2884de9b57e16f089be91bb28000f1dbb854a09a0aca3f461c1de787f645b04e640495189ea9694977e609a4488e48ff2fa7f3b6a8f4079
SSDEEP

196608:DURYFfg3aqN1sEQA4+ssxReDwqy5Evw/PfQRzLg:Dbov1yD++Dny2Y/glE

Score

10^/10

Malware Config

Targets

- Target
  
  Stealerium/Stealerium.exe
- Size
  
  6.5MB
- MD5
  
  5459cb7f9a4d0ead8c2e57d91b7d8db9
- SHA1
  
  6f52b529b9f5e1fe796e70614c0084f05a7b01cf
- SHA256
  
  36c6338180350081adaf2ea52e4d39c29ddcbd4b7a52bc1a3d125ea97f6100be
- SHA512
  
  bfeb3bd6a35a0b7a8e9744a405e519e4ff6296612ec130a9170bc3f27bc96af136cf911b6dd87919319d212d14908dd46c56edf371a6253c58572365a2bf44d6
- SSDEEP
  
  98304:Nm8DwH8jFZikk6CmMkSxtK5AgHsJT1PC2OBcXWtPdtLifKcWMjeX9l75BHS8pttJ:Nm6E8H/COs1PCtbPd5xMkfGY3FtYIIS
Score

1^/10
behavioral1 behavioral2
- Target
  
  Stealerium/install.bat
- Size
  
  161B
- MD5
  
  6e850049ee08bf9ed50bfdee6e6934c5
- SHA1
  
  4fcf058207a8c7acbbb08a8c752dc803c66c6963
- SHA256
  
  65df947f76e4c904718c25a0a318ca6f35bdd2328c818ee3b09d75f0f43fa710
- SHA512
  
  3cd1a3098791670756f8151a952b12183e8d74aac28809afb3433565b40dc2d583648d479ab064345c9409f7cb534504ec471cfdfd884a1d420341c975d55609
Score

1^/10
behavioral3 behavioral4
- Target
  
  Stealerium/install_python.bat
- Size
  
  687B
- MD5
  
  821f007d1c56bb3f4511bab928ce8f63
- SHA1
  
  a22b0d76f5ef0e145629dded82e195486675774a
- SHA256
  
  434f9d4a2a7a5088aa393b47ad8e957a15481cd3078f10b3c0f7ec6fe5f497c2
- SHA512
  
  f1db8db20e25d8d06828ead22e70a28411bf32faa7dd14816ef833efe548a046e9383cb51aa100d49555f2cc9c1f74bf10aef871a0e6724da5f96c690770dd4d
Score

8^/10

execution discovery
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral5 behavioral6