crealstealer | 6625922f4bcb3d41341bf514f1e5a33b716f3cba336ff73859b454bcb86ada09 | Triage

Submit
Reports

Overview

overview

Static

static

Renicail/r...nu.exe

windows10-2004-x64

7

Sharing

General

Target

reni-main.zip
Size

16.4MB
Sample

250414-rcpw7azwbz
MD5

8c44ef63d0306f0bfb9da71caa68a2df
SHA1

f22d5c8995eb471fac9b20365fc82afa483011ae
SHA256

6625922f4bcb3d41341bf514f1e5a33b716f3cba336ff73859b454bcb86ada09
SHA512

5a29d9db7e2786b50627e1c42f4013d8bc3fa26a168182c49f554735279e33c6e1afaef3b00db7fdb0da1ed5494b6db0f2c469ab1b6e3c98143feda2772cffae
SSDEEP

393216:9j+CQE0xNJZEZwWUK7v5bo1HYkuyrZvH3p02re:9j+p3qZAK7poZUyN/yIe

Score

10^/10

crealstealer credential_access discovery pyinstaller spyware stealer

Static task

static1

pyinstaller crealstealer

4 signatures

Behavioral task

behavioral1

Sample

Renicail/renicail_menu.exe

Resource

win10v2004-20250410-en

credential_access discovery spyware stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  Renicail/renicail_menu.exe
- Size
  
  16.6MB
- MD5
  
  1e242ecb3a0bd6a3bbb510cdf4b2250c
- SHA1
  
  9bde576d012509aaf8e3febe6fe2a1ab21f6437d
- SHA256
  
  cf6257d55f51e99a4f7a5cacd0a611dda670fcb38c7779fd32615efab2dcf824
- SHA512
  
  b002270faaf5fd2065c973768353031b7f808af23949f0e1a03121b96c63b93a46ff4be735ebd3929f76f0ff2dfa29e765205c5e205d0990316591b6abc73414
- SSDEEP
  
  393216:hu7L/pxgQ2aUX47d4arXsS8RzdChdjaK1:hCLBqQ2aUI7d4arXsS0KaK
Score

7^/10

credential_access discovery spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist
  discovery
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

pyinstallercrealstealer

behavioral1

credential_accessdiscoveryspywarestealer

© 2018-2025

Terms | Privacy