General

  • Target

    Creal.exe

  • Size

    12.8MB

  • Sample

    230111-2k73vaee97

  • MD5

    72b0035377dfcfdb0dca1b8957854cd9

  • SHA1

    a07e625da47dce8b55b174a7a3053343d7e47d14

  • SHA256

    dc04eb78951433f0cf7cb6091b260ae0d6cd79b3e89fc8d43e52a1299bb877fb

  • SHA512

    a38a2614cd2d81e432742bb26259e8145ee624b9755d8ad109a001cb4e51c802c9eeed90d4ad756d04882fa784857a7a19c0b84b1bf48359680e46298192fb79

  • SSDEEP

    196608:3JdzUjpRjowdQmR5dA6l6uErSEEJwzeiOF6OVoCwxJYPO3kspvdVQzVbMkfGnEV:/oVRj7dQ2l6+9JqelSxJdndg3d

Malware Config

Targets

    • Target

      Creal.exe

    Score
    7/10
    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks