General
Target: Creal.exe
Size: 14.9MB
Sample: 230204-xvcx8sec25
MD5: 00b471bd631a06fb4b21b345effb880b
SHA1: b6e52506741ba627a96e681cb381db90c3fd21ca
SHA256: 22cb2fba2dde578f61c82ed450c88c9060629fa7736bb7e27a584c97473c0883
SHA512: 29c403af0115254f1b449c3a0d7de2eb816ad5458b9168f72b80aa28684ceec6e6e43a79e9f9832bdd6cc58e6700d51b6e587be320dea1654d584df95c1df9c1
SSDEEP: 393216:GxAlnAT6K4/m3pWFqyoBgsSI7oeCMJf0:XlAWK4K91p75CMJ0
Behavioral task: behavioral1
Sample: Creal.exe
Resource: win7-20220812-en
Malware Config
Targets
Target
Creal.exe
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.