crealstealer | 41a328737a540a1bf561b18458dd30c986bf6b978f65d782388e33a3fe00436e

General

Target

Creal-Stealer-main.zip
Size

385KB
Sample

231230-pfgzmsfccr
MD5

90f9c119380782f07da69fff456101c5
SHA1

34fad7257aa698112c586566683f911172c87e28
SHA256

41a328737a540a1bf561b18458dd30c986bf6b978f65d782388e33a3fe00436e
SHA512

8a93d5c0e373734dbb3d80bba0f293e2fd08d79f884e7ce43a5c4b45575a8b835bd4c3b6b66801096e056e6beb7f67c278387c19ef8fd8575270735f038479a4
SSDEEP

12288:D+iCtqedNidWyCIIDcDBsHoJRdfEVfXG9JZ6UD0:KBt5OVC3mzdfEVfX4Z5D0

Score

10^/10

Malware Config

Targets

- Target
  
  Creal-Stealer-main/Creal.py
- Size
  
  42KB
- MD5
  
  fea991e39b09a902a852c6937ea2c4da
- SHA1
  
  9ac29c2b31dabed65e7a716587840e2a1815cd42
- SHA256
  
  baa6a5816056c73f157f72d0cc3875832033eeeb261049374567a85a83d0253a
- SHA512
  
  6344376db55cc871f27b380862f2648f90d9ef4f0c37e83ddd64ed011c68c67c55cee50d9536414e7bf88d7a7bb645fb5648c08339dfddeee98d82af98fd4bc5
- SSDEEP
  
  768:Q1DAWRknXeihOCSlqLCxzAj6VppDPi7WR:Q1kWRknhhFSQLhmVpoWR
Score

3^/10
behavioral1
- Target
  
  Creal-Stealer-main/install_python.bat
- Size
  
  687B
- MD5
  
  821f007d1c56bb3f4511bab928ce8f63
- SHA1
  
  a22b0d76f5ef0e145629dded82e195486675774a
- SHA256
  
  434f9d4a2a7a5088aa393b47ad8e957a15481cd3078f10b3c0f7ec6fe5f497c2
- SHA512
  
  f1db8db20e25d8d06828ead22e70a28411bf32faa7dd14816ef833efe548a046e9383cb51aa100d49555f2cc9c1f74bf10aef871a0e6724da5f96c690770dd4d
Score

8^/10

discovery persistence
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral2