Overview

overview

10

Static

static

10

builder.exe

windows7-x64

7

builder.exe

windows10-2004-x64

7

Creal.pyc

windows7-x64

3

Creal.pyc

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    builder.exe

  • Size

    19.8MB

  • Sample

    250202-j929satkcv

  • MD5

    95419e62271175d0d3b3306b0befffb3

  • SHA1

    e5a126c4d582372385212d804658056651599d95

  • SHA256

    394a76cae20c6d644a5f9a12099b48ee2058f6b03ff3f83805bb5d078248cb8c

  • SHA512

    5d2de343eb27d2bc471f7368debe98665c07a3a1a79ab2e2b084312f807db07697aa3f3a79b1b683c54b364020f012f812a8018fecf08419011f6945da4771bf

  • SSDEEP

    393216:MQtstvdqJr7M5liAdQJlOwF3MnG3otl5cGaABo1edW3zCd1Z5Z:MQtstVA7M5lndQD3MGYNjbCOf

Score
10/10
crealstealercredential_accessdiscoverypyinstallerspywarestealer

Malware Config

Targets

    • Target

      builder.exe

    • Size

      19.8MB

    • MD5

      95419e62271175d0d3b3306b0befffb3

    • SHA1

      e5a126c4d582372385212d804658056651599d95

    • SHA256

      394a76cae20c6d644a5f9a12099b48ee2058f6b03ff3f83805bb5d078248cb8c

    • SHA512

      5d2de343eb27d2bc471f7368debe98665c07a3a1a79ab2e2b084312f807db07697aa3f3a79b1b683c54b364020f012f812a8018fecf08419011f6945da4771bf

    • SSDEEP

      393216:MQtstvdqJr7M5liAdQJlOwF3MnG3otl5cGaABo1edW3zCd1Z5Z:MQtstVA7M5lndQD3MGYNjbCOf

    Score
    7/10
    credential_accessdiscoveryspywarestealer

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

      discovery
    behavioral1behavioral2

    • Target

      Creal.pyc

    • Size

      55KB

    • MD5

      2a27c5a2380383e0eef2ee5d7e2e355d

    • SHA1

      7896926b0fd1fb7027b32ea9e211b531231584b8

    • SHA256

      aac7ee2790a33f22c1dac95d9b858f6bcc4b952ff059a3c9af40f893a14be5b3

    • SHA512

      cb9b275565142b7a8fb1f42c9101c067f02d75dadd4bdd08752c92eca4b46c71bb83b9565155c85f4a1aa58db1efea11a73346be0da71c4d71508a0fa8d2a5f5

    • SSDEEP

      768:s7WnrgpVIVk9+X6GpX0xoWyWtXt4OXXFFYAl/fBS5AZFm/bj3+eO3Wb38f:Dr47+LtaoULXFFYAyiUj3aWb3y

    Score
    3/10
    discovery
    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks