crealstealer | 5f5308bcbbfa5b1627d8462b686d2566b2813c23d00b851fae774e8836185d71 | Triage

Submit
Reports

Overview

overview

Static

static

a.exe

windows11-21h2-x64

7

Sharing

General

Target

a.exe
Size

19.4MB
Sample

250218-qamhls1q16
MD5

1f7dbf7131aa034ec16445a2f4f7dcd5
SHA1

facdb79816af25d725d8035dc4bf6b52b76a8eb8
SHA256

5f5308bcbbfa5b1627d8462b686d2566b2813c23d00b851fae774e8836185d71
SHA512

82584e74578e2093606b512f07c172d76342b383556d728749d30182afeb807cc43ff6f05c9fada22d556eb4e84afbfeb4f856990a8ebcf099615af1bb7be055
SSDEEP

393216:QiIE7YoPQtstQdq/Kmr2pu0tTtdQJluwF3MnG3oTl5iakBq1eZW3WpRZ5YHw:R7rPQtstqoKmr2puI5dQz3MGY3gZDyQ

Score

10^/10

crealstealer credential_access discovery pyinstaller spyware stealer

Static task

static1

pyinstaller crealstealer

4 signatures

Behavioral task

behavioral1

Sample

a.exe

Resource

win11-20250217-en

credential_access discovery spyware stealer

windows11-21h2-x64

10 signatures

900 seconds

Malware Config

Targets

- Target
  
  a.exe
- Size
  
  19.4MB
- MD5
  
  1f7dbf7131aa034ec16445a2f4f7dcd5
- SHA1
  
  facdb79816af25d725d8035dc4bf6b52b76a8eb8
- SHA256
  
  5f5308bcbbfa5b1627d8462b686d2566b2813c23d00b851fae774e8836185d71
- SHA512
  
  82584e74578e2093606b512f07c172d76342b383556d728749d30182afeb807cc43ff6f05c9fada22d556eb4e84afbfeb4f856990a8ebcf099615af1bb7be055
- SSDEEP
  
  393216:QiIE7YoPQtstQdq/Kmr2pu0tTtdQJluwF3MnG3oTl5iakBq1eZW3WpRZ5YHw:R7rPQtstqoKmr2puI5dQz3MGY3gZDyQ
Score

7^/10

credential_access discovery spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

pyinstallercrealstealer

behavioral1

credential_accessdiscoveryspywarestealer

© 2018-2025

Terms | Privacy