eadfa85ca0e5f81b840a6c860e6363a5067ae5a9c0ea50e568947ebf2fabbe0a

Resubmissions

23/04/2023, 23:37

230423-3mbcbsge83 8

Sharing

Copy URL Twitter E-mail

General

Target

Creal-Stealer-main.zip
Size

421KB
Sample

230423-3mbcbsge83
MD5

b4aff2dd62a248d6790dee0c0995f930
SHA1

96809604e775dc4a157adf9e87ab6a4d8bbaf1d9
SHA256

eadfa85ca0e5f81b840a6c860e6363a5067ae5a9c0ea50e568947ebf2fabbe0a
SHA512

fb9d31f1312b0f48b471a706b3dc11af3b3b0a0f4a2a51bd1b621e61d067c5c44c6052166bf9a4290f4dcc6ebc897a47411e643114c45502df9380df4c2b428c
SSDEEP

12288:rBgyLLWrRFqj4bQHFRbLyy7T4VfOG9JZ6rD2:NgwWXrcHFQ+UVfO4Z+D2

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  Creal-Stealer-main/.github/FUNDING.yml
- Size
  
  734B
- MD5
  
  adf24572c583af68e24754c6eeba820e
- SHA1
  
  389342c098dcf5aba25a039383755ac18f80de74
- SHA256
  
  736344ae3843216c8830229b471c43cb2628468425e3188727708df2f2e441ad
- SHA512
  
  87d3c35e5d4d65c803360dbed92dfc35ac06b6972bc2fed37f0e883e591d2528584368a87f5a59585d6227e3e74912f41b8a64c5291c77f85bc0c78830057b1f
Score

3^/10
behavioral1 behavioral2
- Target
  
  Creal-Stealer-main/Creal.py
- Size
  
  42KB
- MD5
  
  0a36ca81f0748d475901b77960372b1e
- SHA1
  
  cf6bffe84359d08297c29a26fe569f8fe7b8c2fd
- SHA256
  
  c7c8e6423ab269267cdfcb18841c2b20bc8c51c4f47c906d718e4eb8f4b99f83
- SHA512
  
  8e694b576b7e3675e74f21898fb9a1fa894c5d28103bd373cccdb528bb9f4b5e259094a0c1d2724322c46c96d9b3b8b6d1f07044f20f6cbd5d14c0dd678b04a8
- SSDEEP
  
  768:QWDAWR7nX5hjhOCSOHSFhf1PffpLCBzwjSqefgSmr4C8Pi7W/:QWkWR7nHjhFSJLR+2SmM+W/
Score

3^/10
behavioral3 behavioral4
- Target
  
  Creal-Stealer-main/IfYouInfected.md
- Size
  
  1KB
- MD5
  
  7ef841b953ec1e01835e9b460d6cf214
- SHA1
  
  63c893277266becb6cea8f91e66009574cde64cc
- SHA256
  
  418467de9f5fea315e835adfd27d03de791ebc30d057ecc33e41b74e23b668ef
- SHA512
  
  fb4ba2a54888db796b5ca5246fd010631f0f2098e7a262b41afe4b3fcc5a74cadb55d009676eb4b83da11b48c7f98c539e9e5714174269bbbe67e3f08ce4b438
Score

3^/10
behavioral5 behavioral6
- Target
  
  Creal-Stealer-main/LICENSE
- Size
  
  1KB
- MD5
  
  c20b81a8d4e15dd4c3f705c49c4ddd1f
- SHA1
  
  b4b5125775876a4dbdc7defd4c96e54404d9db0a
- SHA256
  
  1f691a31346212e0d97022e388112f5c442105fb0e89bcaa5638b832c1c07029
- SHA512
  
  9efa4a6c9fdae1753eaff05ee5e424be11faeb3eba013cfabd90e43ab95a290d760511abc897492d79607455bf1e8aa1ff6d3348b8167304b4765fe1a86d0f88
Score

1^/10
behavioral7 behavioral8
- Target
  
  Creal-Stealer-main/README.md
- Size
  
  3KB
- MD5
  
  9e613c800b1413c95c79c868367377b0
- SHA1
  
  fc97eb5ba98f96693da888d03224e4710e5f8749
- SHA256
  
  572e05974568d3b9d1aa848975cb7010afa63ae8ed4dc603856d164c0424fb95
- SHA512
  
  04b8ec1c20e33974691f26f6eabc7d911f4c923570d584bb1f14ab9a06c3288ae780110b9625c096a906776a3bc5ce8149eec10093f66536f8e8e7b62e63a71f
Score

3^/10
behavioral10 behavioral9
- Target
  
  Creal-Stealer-main/builder.bat
- Size
  
  56B
- MD5
  
  001b0fde2e65ae4f8fa280ccdb746c93
- SHA1
  
  6f3ad8b217f090c0a37ae21ee6f0065e58635771
- SHA256
  
  06c326475f195707960159fd70e759bbba1f8b638fb4f749bad68fbb0b728aa2
- SHA512
  
  de065f3c04647f572bc8436c5aacd400956954bec23dcad8db2ddfe2689c37bb2ba0221e84ce11e826c9f9efc43d1782ccd28e76c9c25fba3e277f1b694c781a
Score

1^/10
behavioral11 behavioral12
- Target
  
  Creal-Stealer-main/builder.py
- Size
  
  4KB
- MD5
  
  56a89bbfa4d8741b264fdc77800ea87f
- SHA1
  
  dc1bf8657c27c0208ea5ed86772eb888e2a2b7ed
- SHA256
  
  bf27009d7cdfd6f9449a7dfa036ada78bc613861c1b91bf365f78f4d7cf2fe50
- SHA512
  
  20b624dfa7610e8df52e6de74553cb23471b8e1402ebcb3e15783ab201e68857d435ae68800e3e00b37dab73940a976eea744da517733bf9efafbc6df7029679
- SSDEEP
  
  48:cm8IzsW071hzsGx0h+zgEC5PsOq7lm+7hUhTlvJd46MhHu4uze4uz7Fnt5vJd4bq:cm8ewmnJYb9wC6ZSvubq
Score

3^/10
behavioral13 behavioral14
- Target
  
  Creal-Stealer-main/img/CrealNew1.jpg
- Size
  
  136KB
- MD5
  
  20f81c74b092e8727e1eaee9c54734bb
- SHA1
  
  0d8518938cde6c43113fd1297da1408a013bf51c
- SHA256
  
  797223a3f4e354f907338c5f915d904b9eee9c4fd190b4a4524b71cfd22dce35
- SHA512
  
  b976617b38de0aba4cee7ad81666c5c7abe7540d28ef9f7762683be6a290f57e3189a6a9435ce5957636c2c5e6c76a168dd6fce0da85298ecb976cb6d54694ee
- SSDEEP
  
  3072:NCnNrHRq6EgI8q7HIBqj1077YkKH/rtHVwV4BdcK:CxHRqKIR7Zjm7QfrtHu4Bdb
Score

3^/10
behavioral15 behavioral16
- Target
  
  Creal-Stealer-main/img/CrealNew2.png
- Size
  
  55KB
- MD5
  
  3b85ef298f92a1dfd0b145ba1c29d08c
- SHA1
  
  beafa7e1bde0f9d6bc17f9bce0727dfbf31e2fbd
- SHA256
  
  7c029c8fdecc3ea4276a806d09f8f79d5a36aaa2883501b0b2c34482afcd3daa
- SHA512
  
  9ae5330377f56a5f69f74ea38717a6f38449e0b1db06fa4d2b16a040aa3bc03e591efb3290dbddb4939be9ba8b94126ad252d136756ae995b55341569d925f8f
- SSDEEP
  
  1536:uoyjtXLdkXWISx3dLJzLDQtE9VNZS+LqGXnQ36gSOWXrKd/pUKkTcV:LyJxkGISLdDQtE7S2bXnw6eUKk4V
Score

3^/10
behavioral17 behavioral18
- Target
  
  Creal-Stealer-main/img/CrealNew3.png
- Size
  
  124KB
- MD5
  
  367499813472e76ad182e55eacab9ee6
- SHA1
  
  c6cd7dd01990af6690c91bd252707ec0d5ec34b7
- SHA256
  
  57c68b1185683c0015456140673052c5ec66de7fb9908f4c59d361504382d316
- SHA512
  
  10b6e7c3011c18b5f028d50126fcb1ac3139d6ff9b79333d0cba18b017a51f9e87e313e484c8a3ee510b64603eb5cb19a6d42d972af8fd2e178c527879b08c03
- SSDEEP
  
  3072:NRiUhS07Dyf4HRTth75r6+2mrtolVgQcK:S82mJ5mEyjgq
Score

3^/10
behavioral19 behavioral20
- Target
  
  Creal-Stealer-main/img/builderr.png
- Size
  
  37KB
- MD5
  
  f6e2610503c8f002a5c355ed83b141bf
- SHA1
  
  bfdd1ba813237dc21a728be7fa9998bec0e4bbf7
- SHA256
  
  5e39f3cd328a432b7061f2a88af4d4d9b56fc52035040c6d72a7063ccc557344
- SHA512
  
  5131d14960f0fc3534e8f3b62f8c00e9b4a4351a9c7fd92719c02beffc400d1f94d1194bb2845a1b0c03ba5d7f103a3b614d4dbe696d7729d82fbc4accf672b4
- SSDEEP
  
  768:K6cGRqj9B8eNrsSx88FCo/YO/evGfoQ1Sp4lCxGtXFsQT/8mAERbr1v:K2RU6+Yihs2eGxQp7xGBFsuUERbpv
Score

3^/10
behavioral21 behavioral22
- Target
  
  Creal-Stealer-main/img/pyy.png
- Size
  
  50KB
- MD5
  
  37d6b1070131d25bbe407fdfb6a1d34f
- SHA1
  
  9ac28110663e5bb518cda9e7d6dffc5945e702fb
- SHA256
  
  bdea023b9432b8ed279d05262cde407523ea85183538ec97b670b3a0217b4a70
- SHA512
  
  636ca87722c18c2cb85f1f7f4bd7e8c434d159cfb044e9d50dda2404cd350eadc361d50e0cb295507e2325dfe38eacad4e594e81a8f8964ffac28292ad7e97db
- SSDEEP
  
  768:reGozlUOjEs8tf+tohVYhZruituE4iaoAlEQ3RhHW7RFVqroEb2qYQsF22tsqmet:rRoCOjEzflh2fiCI7RhHWdrERYdmeFj
Score

3^/10
behavioral23 behavioral24
- Target
  
  Creal-Stealer-main/img/xd.jpg
- Size
  
  44KB
- MD5
  
  d8b7adbe864a5dfa9d0f9b9a54df1fa5
- SHA1
  
  3d583090faf9e28f127d30333cd2eba7ae076de9
- SHA256
  
  40cd9f31c18eb65248038220d8c6983de03702ec2f7bb5e38ccb248ff02b926d
- SHA512
  
  610f8f8946d417c6d7b64d05be56055277b54f3ed29b472d0f2cc9f08d6c1c42f8af40420ac328f0cee9fc5dccbc43e9b6ba6540c4f4530661e0bb613852375e
- SSDEEP
  
  768:1Vhv+czdSevhsTZHMpeiXYmui9JKEtZfB+ITJtD5VznC:1Vhv+cE6aTRriXYmbTKMpJP5VzC
Score

3^/10
behavioral25 behavioral26
- Target
  
  Creal-Stealer-main/install.bat
- Size
  
  161B
- MD5
  
  6e850049ee08bf9ed50bfdee6e6934c5
- SHA1
  
  4fcf058207a8c7acbbb08a8c752dc803c66c6963
- SHA256
  
  65df947f76e4c904718c25a0a318ca6f35bdd2328c818ee3b09d75f0f43fa710
- SHA512
  
  3cd1a3098791670756f8151a952b12183e8d74aac28809afb3433565b40dc2d583648d479ab064345c9409f7cb534504ec471cfdfd884a1d420341c975d55609
Score

1^/10
behavioral27 behavioral28
- Target
  
  Creal-Stealer-main/install_python.bat
- Size
  
  687B
- MD5
  
  821f007d1c56bb3f4511bab928ce8f63
- SHA1
  
  a22b0d76f5ef0e145629dded82e195486675774a
- SHA256
  
  434f9d4a2a7a5088aa393b47ad8e957a15481cd3078f10b3c0f7ec6fe5f497c2
- SHA512
  
  f1db8db20e25d8d06828ead22e70a28411bf32faa7dd14816ef833efe548a046e9383cb51aa100d49555f2cc9c1f74bf10aef871a0e6724da5f96c690770dd4d
Score

8^/10

discovery persistence
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral29 behavioral30
- Target
  
  Creal-Stealer-main/junk.py
- Size
  
  5KB
- MD5
  
  e796fd742bb555174ee83f3ce4118d0c
- SHA1
  
  9b3b86b4614ee9e64cd836aa77f1fc43102df026
- SHA256
  
  3c9881a0bf734894ca5603e5f5c63e84111b9f3415fb27c69d80cb3f54be6ec5
- SHA512
  
  3106f4593989a13673bebf847d958a3359f930e36bfda7cd1e0c91d94e2e0d461d5e0250c27f3475e0ffd58c5ad8e6338315e91e985c31390fd8839e20ef0943
- SSDEEP
  
  96:hj1UM1piEsD1UM1piEFb1UM1piEsD1UM1piEFb1UM1piEsD1UM1piEFR:V1v1piZ1v1pi+b1v1piZ1v1pi+b1v1pA
Score

3^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Blocklisted process makes network request

Downloads MZ/PE file

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Registers COM server for autorun

Adds Run key to start application

Checks installed software on the system

Enumerates connected drives

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32