crealstealer | 6aceeac6f374351f34b9cd3fa36198ca5b6835b83f8c8433fcfd1c2ffb13a6b3 | Triage

Submit
Reports

Overview

overview

Static

static

Luna-Grabb...er.exe

windows11-21h2-x64

7

Sharing

General

Target

Luna-Grabber-Main-main.zip
Size

19.6MB
Sample

250405-fwpjzstk13
MD5

266942919795bf1bd4942fd71871da92
SHA1

7e091b2465d2e50875128a1aa9e921fb6c65db40
SHA256

6aceeac6f374351f34b9cd3fa36198ca5b6835b83f8c8433fcfd1c2ffb13a6b3
SHA512

0f655c688a4a3e9cac8b2204cba412c66335876f53988dd2408b99cd2aa4f75c8296f8e6ee3f87aecbb3e044340b483dd74f595901b30c4026762b798309b86e
SSDEEP

393216:1h6KmqySo7UsqhG3US2et9XbPOs7HbALhdvItm7MWDDg5q+:TTmqySow3G3US2enPOpzGWV+

Score

10^/10

crealstealer credential_access discovery pyinstaller spyware stealer

Static task

static1

pyinstaller crealstealer

4 signatures

Behavioral task

behavioral1

Sample

Luna-Grabber-Main-main/builder.exe

Resource

win11-20250313-en

credential_access discovery spyware stealer

windows11-21h2-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  Luna-Grabber-Main-main/builder.exe
- Size
  
  19.8MB
- MD5
  
  95419e62271175d0d3b3306b0befffb3
- SHA1
  
  e5a126c4d582372385212d804658056651599d95
- SHA256
  
  394a76cae20c6d644a5f9a12099b48ee2058f6b03ff3f83805bb5d078248cb8c
- SHA512
  
  5d2de343eb27d2bc471f7368debe98665c07a3a1a79ab2e2b084312f807db07697aa3f3a79b1b683c54b364020f012f812a8018fecf08419011f6945da4771bf
- SSDEEP
  
  393216:MQtstvdqJr7M5liAdQJlOwF3MnG3otl5cGaABo1edW3zCd1Z5Z:MQtstVA7M5lndQD3MGYNjbCOf
Score

7^/10

credential_access discovery spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

pyinstallercrealstealer

behavioral1

credential_accessdiscoveryspywarestealer

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.