crealstealer | fce4891d0ca542d32448ba0d79fe853654cbd7eeb81768ac36cb0316609ea8a0

Sharing

Copy URL

Twitter E-mail

General

Target

Creal-Stealer-main.zip
Size

385KB
Sample

231211-3tenbscfc3
MD5

d99407d0c43b6082c890a26f331b0201
SHA1

4e2022d57949fe3a5634fd3b56731287646b87c3
SHA256

fce4891d0ca542d32448ba0d79fe853654cbd7eeb81768ac36cb0316609ea8a0
SHA512

7a103a34e5fed4dc89a630d999d4e9a9c6327dc2305c4b54e3db519577a01c87f355170e831399dcba83d6348b68ebedb6aba9132dd787c7bf5a1c12ea2a92e5
SSDEEP

12288:jRiCtqedNidWy+IIDcDBQHoJRdfgVffG9JZ6QDe:NBt5OV+3mndfgVff4ZpDe

Score

10^/10

Malware Config

Targets

- Target
  
  Creal-Stealer-main.zip
- Size
  
  385KB
- MD5
  
  d99407d0c43b6082c890a26f331b0201
- SHA1
  
  4e2022d57949fe3a5634fd3b56731287646b87c3
- SHA256
  
  fce4891d0ca542d32448ba0d79fe853654cbd7eeb81768ac36cb0316609ea8a0
- SHA512
  
  7a103a34e5fed4dc89a630d999d4e9a9c6327dc2305c4b54e3db519577a01c87f355170e831399dcba83d6348b68ebedb6aba9132dd787c7bf5a1c12ea2a92e5
- SSDEEP
  
  12288:jRiCtqedNidWy+IIDcDBQHoJRdfgVffG9JZ6QDe:NBt5OV+3mndfgVff4ZpDe
Score

1^/10
behavioral1
- Target
  
  Creal-Stealer-main/.github/FUNDING.yml
- Size
  
  734B
- MD5
  
  adf24572c583af68e24754c6eeba820e
- SHA1
  
  389342c098dcf5aba25a039383755ac18f80de74
- SHA256
  
  736344ae3843216c8830229b471c43cb2628468425e3188727708df2f2e441ad
- SHA512
  
  87d3c35e5d4d65c803360dbed92dfc35ac06b6972bc2fed37f0e883e591d2528584368a87f5a59585d6227e3e74912f41b8a64c5291c77f85bc0c78830057b1f
Score

3^/10
behavioral2
- Target
  
  Creal-Stealer-main/Creal.py
- Size
  
  42KB
- MD5
  
  fea991e39b09a902a852c6937ea2c4da
- SHA1
  
  9ac29c2b31dabed65e7a716587840e2a1815cd42
- SHA256
  
  baa6a5816056c73f157f72d0cc3875832033eeeb261049374567a85a83d0253a
- SHA512
  
  6344376db55cc871f27b380862f2648f90d9ef4f0c37e83ddd64ed011c68c67c55cee50d9536414e7bf88d7a7bb645fb5648c08339dfddeee98d82af98fd4bc5
- SSDEEP
  
  768:Q1DAWRknXeihOCSlqLCxzAj6VppDPi7WR:Q1kWRknhhFSQLhmVpoWR
Score

3^/10
behavioral3
- Target
  
  Creal-Stealer-main/IfYouInfected.md
- Size
  
  1KB
- MD5
  
  7ef841b953ec1e01835e9b460d6cf214
- SHA1
  
  63c893277266becb6cea8f91e66009574cde64cc
- SHA256
  
  418467de9f5fea315e835adfd27d03de791ebc30d057ecc33e41b74e23b668ef
- SHA512
  
  fb4ba2a54888db796b5ca5246fd010631f0f2098e7a262b41afe4b3fcc5a74cadb55d009676eb4b83da11b48c7f98c539e9e5714174269bbbe67e3f08ce4b438
Score

3^/10
behavioral4
- Target
  
  Creal-Stealer-main/LICENSE
- Size
  
  1KB
- MD5
  
  c20b81a8d4e15dd4c3f705c49c4ddd1f
- SHA1
  
  b4b5125775876a4dbdc7defd4c96e54404d9db0a
- SHA256
  
  1f691a31346212e0d97022e388112f5c442105fb0e89bcaa5638b832c1c07029
- SHA512
  
  9efa4a6c9fdae1753eaff05ee5e424be11faeb3eba013cfabd90e43ab95a290d760511abc897492d79607455bf1e8aa1ff6d3348b8167304b4765fe1a86d0f88
Score

1^/10
behavioral5
- Target
  
  Creal-Stealer-main/README.md
- Size
  
  3KB
- MD5
  
  79d334e8c52711c3035701a29306928b
- SHA1
  
  1cdec6da63ef8679ee301e09a358dddb78823fdb
- SHA256
  
  b8c08f860f13ef624b979be768982fa6c972f36565f9f1e246ed32ff51e431a0
- SHA512
  
  d3648ae4969cae0a330e17cf293c958736c3f2d9d4159f86905cd4131175e5a54c69d7018a7f98619093ece00318d7a0a2d90aa782a98248626d1210f2781db7
Score

3^/10
behavioral6
- Target
  
  Creal-Stealer-main/builder.bat
- Size
  
  56B
- MD5
  
  001b0fde2e65ae4f8fa280ccdb746c93
- SHA1
  
  6f3ad8b217f090c0a37ae21ee6f0065e58635771
- SHA256
  
  06c326475f195707960159fd70e759bbba1f8b638fb4f749bad68fbb0b728aa2
- SHA512
  
  de065f3c04647f572bc8436c5aacd400956954bec23dcad8db2ddfe2689c37bb2ba0221e84ce11e826c9f9efc43d1782ccd28e76c9c25fba3e277f1b694c781a
Score

1^/10
behavioral7
- Target
  
  Creal-Stealer-main/builder.py
- Size
  
  4KB
- MD5
  
  98ab58d0db2f492feb701fcffb4c0642
- SHA1
  
  3adb54282894658a69031118f25c6d82e9e563e6
- SHA256
  
  cc6fd730887c8c5e3cf12f301d36f0ef5fe16c306b49cd69fd265c20c0a12a41
- SHA512
  
  c4e113a59c16d9f1147a64c66347e8761abf989be02a80dc668708b6c6d12143cf7637c9ea0b0ff2754d586db69ffa95e5183e6029c9cda9af2458b8d9696046
- SSDEEP
  
  48:SUZ8IzsW071hzsGU0h+zgEC5PsOq7lm+7hUhTlvJd4Hhm8bhX4+V8JF4RizPO:SUZ8ewFnJYb9wCo8z2Jaiq
Score

3^/10
behavioral8
- Target
  
  Creal-Stealer-main/img/Creal1.jpg
- Size
  
  125KB
- MD5
  
  6271e9479ab97b47ef0a8543929d0a41
- SHA1
  
  8dd6f15f81ed0795b6515d9eaad001b01c260236
- SHA256
  
  6dd2df78e55f5aac25774126be7ea7c4b6702a4fce9d754a44907ed9e302970b
- SHA512
  
  8af3ff6c18fc6b2eda80f16822d55057046988ed53ac75e2d64c5c101554fe29c8fc8e4c2c0363af4bd1621b362e8fa4fdcc4cee9e45f1d36798e7df095590b0
- SSDEEP
  
  3072:LBppyv9bTX34UjQGHzhoRSQnBrOYF8z+34lVry:LBppyvhXoUjpHzSSNYF8S34lty
Score

3^/10
behavioral9
- Target
  
  Creal-Stealer-main/img/Creal2.png
- Size
  
  91KB
- MD5
  
  8333a5c0ada98e02e1292cc5cbfbcdcf
- SHA1
  
  082697f83fcb1fafeceed3166f7eb2c76d5e5609
- SHA256
  
  f4aa7b46949eb796df22f9f9206e2de2468b14e59e1f4de9f48b2dfb8a76a307
- SHA512
  
  fcaaff99f48fbe2ee19553361a72f9cdb1422a7c4a903e15401a0576ff99dea20ac2c369e83e455ff3d94302f0708cbfb4d6e9cd4b960b63467bb456f9578955
- SSDEEP
  
  1536:X0mzZGCOBKUcJI/Td/bqr12j2VDZmzmtdVjX+EQGZBvU6NudsZGkx6NsX4zlINE:X0mzHOBZmIx/k1hZmaPh+EQSukG9zF
Score

3^/10
behavioral10
- Target
  
  Creal-Stealer-main/img/Creal3.png
- Size
  
  58KB
- MD5
  
  c4d68ba43a81c66d55808cc99704ab37
- SHA1
  
  235fd261a31ce13fca200d16bed4f35779c081f8
- SHA256
  
  12bde914875a474fcd43dfa4e6702f8fa700d2820aeef25339f56788adb6540c
- SHA512
  
  c2a653a864ed1da34eda5166ece3d0c069abb2b06774a28fe9f1a0549b1c3cae9487497e4c07a546938c335bffc95e0b6cdb600299130246d0414944f79b60c9
- SSDEEP
  
  1536:uFrPCMxBGrAiYCO8JEeSrMkdCeqrF/aqWCEOl1Uufvkq:mrP7BwK8JE3CeKFCqWasufvkq
Score

3^/10
behavioral11
- Target
  
  Creal-Stealer-main/img/builderr.png
- Size
  
  37KB
- MD5
  
  f6e2610503c8f002a5c355ed83b141bf
- SHA1
  
  bfdd1ba813237dc21a728be7fa9998bec0e4bbf7
- SHA256
  
  5e39f3cd328a432b7061f2a88af4d4d9b56fc52035040c6d72a7063ccc557344
- SHA512
  
  5131d14960f0fc3534e8f3b62f8c00e9b4a4351a9c7fd92719c02beffc400d1f94d1194bb2845a1b0c03ba5d7f103a3b614d4dbe696d7729d82fbc4accf672b4
- SSDEEP
  
  768:K6cGRqj9B8eNrsSx88FCo/YO/evGfoQ1Sp4lCxGtXFsQT/8mAERbr1v:K2RU6+Yihs2eGxQp7xGBFsuUERbpv
Score

1^/10
behavioral12
- Target
  
  Creal-Stealer-main/img/pyy.png
- Size
  
  50KB
- MD5
  
  37d6b1070131d25bbe407fdfb6a1d34f
- SHA1
  
  9ac28110663e5bb518cda9e7d6dffc5945e702fb
- SHA256
  
  bdea023b9432b8ed279d05262cde407523ea85183538ec97b670b3a0217b4a70
- SHA512
  
  636ca87722c18c2cb85f1f7f4bd7e8c434d159cfb044e9d50dda2404cd350eadc361d50e0cb295507e2325dfe38eacad4e594e81a8f8964ffac28292ad7e97db
- SSDEEP
  
  768:reGozlUOjEs8tf+tohVYhZruituE4iaoAlEQ3RhHW7RFVqroEb2qYQsF22tsqmet:rRoCOjEzflh2fiCI7RhHWdrERYdmeFj
Score

3^/10
behavioral13
- Target
  
  Creal-Stealer-main/img/xd.jpg
- Size
  
  44KB
- MD5
  
  d8b7adbe864a5dfa9d0f9b9a54df1fa5
- SHA1
  
  3d583090faf9e28f127d30333cd2eba7ae076de9
- SHA256
  
  40cd9f31c18eb65248038220d8c6983de03702ec2f7bb5e38ccb248ff02b926d
- SHA512
  
  610f8f8946d417c6d7b64d05be56055277b54f3ed29b472d0f2cc9f08d6c1c42f8af40420ac328f0cee9fc5dccbc43e9b6ba6540c4f4530661e0bb613852375e
- SSDEEP
  
  768:1Vhv+czdSevhsTZHMpeiXYmui9JKEtZfB+ITJtD5VznC:1Vhv+cE6aTRriXYmbTKMpJP5VzC
Score

3^/10
behavioral14
- Target
  
  Creal-Stealer-main/install.bat
- Size
  
  161B
- MD5
  
  6e850049ee08bf9ed50bfdee6e6934c5
- SHA1
  
  4fcf058207a8c7acbbb08a8c752dc803c66c6963
- SHA256
  
  65df947f76e4c904718c25a0a318ca6f35bdd2328c818ee3b09d75f0f43fa710
- SHA512
  
  3cd1a3098791670756f8151a952b12183e8d74aac28809afb3433565b40dc2d583648d479ab064345c9409f7cb534504ec471cfdfd884a1d420341c975d55609
Score

1^/10
behavioral15
- Target
  
  Creal-Stealer-main/install_python.bat
- Size
  
  687B
- MD5
  
  821f007d1c56bb3f4511bab928ce8f63
- SHA1
  
  a22b0d76f5ef0e145629dded82e195486675774a
- SHA256
  
  434f9d4a2a7a5088aa393b47ad8e957a15481cd3078f10b3c0f7ec6fe5f497c2
- SHA512
  
  f1db8db20e25d8d06828ead22e70a28411bf32faa7dd14816ef833efe548a046e9383cb51aa100d49555f2cc9c1f74bf10aef871a0e6724da5f96c690770dd4d
Score

8^/10

discovery persistence
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
behavioral16
- Target
  
  Creal-Stealer-main/junk.py
- Size
  
  5KB
- MD5
  
  e796fd742bb555174ee83f3ce4118d0c
- SHA1
  
  9b3b86b4614ee9e64cd836aa77f1fc43102df026
- SHA256
  
  3c9881a0bf734894ca5603e5f5c63e84111b9f3415fb27c69d80cb3f54be6ec5
- SHA512
  
  3106f4593989a13673bebf847d958a3359f930e36bfda7cd1e0c91d94e2e0d461d5e0250c27f3475e0ffd58c5ad8e6338315e91e985c31390fd8839e20ef0943
- SSDEEP
  
  96:hj1UM1piEsD1UM1piEFb1UM1piEsD1UM1piEFb1UM1piEsD1UM1piEFR:V1v1piZ1v1pi+b1v1piZ1v1pi+b1v1pA
Score

3^/10
behavioral17
- Target
  
  Creal-Stealer-main/requirements.txt
- Size
  
  36B
- MD5
  
  7e5191e5e4b8c61bfbb9b146caaec728
- SHA1
  
  4438b018fe9a3c88d83115814a67b39b9c189a47
- SHA256
  
  796d58c7e0920f6705ece5e4cefc3cdd76b00849eebce71a5c6a057421dd6b47
- SHA512
  
  7a800a6252c404bec07f14f756d8e7b2758bb7f9cb142030e2eb05aac84f9c6b734e3244bde2681dad6ded701b5868003b0c0503f21ed43b32f01791f130caf1
Score

3^/10
behavioral18

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Blocklisted process makes network request

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Registers COM server for autorun

Adds Run key to start application

Checks installed software on the system

Enumerates connected drives

Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18