a30227ac705282ab7f4b59e726cb480ee28af1972ac0dfd8d750786a70b63219 | Triage

Submit
Reports

Overview

overview

7

Static

static

3

Creal.exe

windows7-x64

7

Creal.exe

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

Target

Creal.exe
Size

16.9MB
Sample

230822-zva5ragh3t
MD5

c43ece8537a08cdd41a6ba220d5df517
SHA1

d1323d3a382c7d70803737c087e4378251350224
SHA256

a30227ac705282ab7f4b59e726cb480ee28af1972ac0dfd8d750786a70b63219
SHA512

3063784011076bcba2026368ff8f077e1339694795e7c5783aadc40e2223fc41bc963839f27d13c2ef131dee357fb752e64d2a6662b7d3664f54ba574fdb3b5d
SSDEEP

196608:ew0sKYu/PaQts1q4FMIZETSRjPePdrQJM96KbABL9vQ8lc1pd4ilW39Bn4iyH6Rl:7QtswQETSRvJQnEvQ8g0iWNB4pVIT

Score

7^/10

pyinstaller spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Creal.exe

Resource

win7-20230712-en

windows7-x64

7 signatures

300 seconds

Behavioral task

behavioral2

Sample

Creal.exe

Resource

win10v2004-20230703-en

spyware stealer

windows10-2004-x64

9 signatures

300 seconds

Malware Config

Targets

- Target
  
  Creal.exe
- Size
  
  16.9MB
- MD5
  
  c43ece8537a08cdd41a6ba220d5df517
- SHA1
  
  d1323d3a382c7d70803737c087e4378251350224
- SHA256
  
  a30227ac705282ab7f4b59e726cb480ee28af1972ac0dfd8d750786a70b63219
- SHA512
  
  3063784011076bcba2026368ff8f077e1339694795e7c5783aadc40e2223fc41bc963839f27d13c2ef131dee357fb752e64d2a6662b7d3664f54ba574fdb3b5d
- SSDEEP
  
  196608:ew0sKYu/PaQts1q4FMIZETSRjPePdrQJM96KbABL9vQ8lc1pd4ilW39Bn4iyH6Rl:7QtswQETSRvJQnEvQ8g0iWNB4pVIT
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy