Overview

overview

10

Static

static

10

Creal.exe

windows7-x64

7

Creal.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Creal.exe

  • Size

    14.3MB

  • Sample

    240105-tsxyvagcf5

  • MD5

    334b8b048cbba70b243d7b2a722019e9

  • SHA1

    e4f6057edaaa4531c9c69b92858ebdd6bd8e75f2

  • SHA256

    8d4f62cde112ebad1da13a63c1620437e8dd5bfb07572f16a900a0ce0a0f40f3

  • SHA512

    f889cdc91074c14b3dd924ba9acbd1764a4df073256ec999d3f6d8501f00f1808d15fe1452f88274a243f6213ae713e0b43185e95fcd04e460ed290b2cb35391

  • SSDEEP

    393216:sX7QJidQuslSq99oWOv+9fgVByXmHE2w:sLQwdQuSDorvSYVBAGEX

Score
10/10
crealstealerpyinstaller

Malware Config

Targets

    • Target

      Creal.exe

    • Size

      14.3MB

    • MD5

      334b8b048cbba70b243d7b2a722019e9

    • SHA1

      e4f6057edaaa4531c9c69b92858ebdd6bd8e75f2

    • SHA256

      8d4f62cde112ebad1da13a63c1620437e8dd5bfb07572f16a900a0ce0a0f40f3

    • SHA512

      f889cdc91074c14b3dd924ba9acbd1764a4df073256ec999d3f6d8501f00f1808d15fe1452f88274a243f6213ae713e0b43185e95fcd04e460ed290b2cb35391

    • SSDEEP

      393216:sX7QJidQuslSq99oWOv+9fgVByXmHE2w:sLQwdQuSDorvSYVBAGEX

    Score
    7/10

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks