crealstealer | 2a332f209daa3b58df34483be1ac792f75f08d166e6c6f2f702538d17b5ef56b | Triage

Submit
Reports

Overview

overview

Static

static

Creal.exe

windows7-x64

7

Creal.exe

windows10-2004-x64

7

Resubmissions

07-01-2024 17:46

240107-wcqwpsbedq 10

07-01-2024 17:45

240107-wbsnxacdg6 10

Sharing

General

Target

Creal.exe
Size

13.2MB
Sample

240107-wcqwpsbedq
MD5

709bfa6c20f38aa909f80c0eca2d624c
SHA1

48cef5ce3cdfbb9f3cddffb0647b2d80ced6ad13
SHA256

2a332f209daa3b58df34483be1ac792f75f08d166e6c6f2f702538d17b5ef56b
SHA512

5a53983304b62c6ab065cffce08e97231ea52f1ea51ca3eb4da06c884019f414a4781dd65d7205b02b6f45abb61c9c58f808ddde21d4fb5630625e445cc68da0
SSDEEP

393216:dXGDn5nwW+eGQRIMTozGxu8C0ibfz6e575A8K5aWCuVl:d2DnRwW+e5R5oztZ026e5JxVuVl

Score

10^/10

crealstealer pyinstaller spyware stealer

Static task

static1

pyinstaller crealstealer

4 signatures

Behavioral task

behavioral1

Sample

Creal.exe

Resource

win7-20231215-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

Creal.exe

Resource

win10v2004-20231215-en

spyware stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  Creal.exe
- Size
  
  13.2MB
- MD5
  
  709bfa6c20f38aa909f80c0eca2d624c
- SHA1
  
  48cef5ce3cdfbb9f3cddffb0647b2d80ced6ad13
- SHA256
  
  2a332f209daa3b58df34483be1ac792f75f08d166e6c6f2f702538d17b5ef56b
- SHA512
  
  5a53983304b62c6ab065cffce08e97231ea52f1ea51ca3eb4da06c884019f414a4781dd65d7205b02b6f45abb61c9c58f808ddde21d4fb5630625e445cc68da0
- SSDEEP
  
  393216:dXGDn5nwW+eGQRIMTozGxu8C0ibfz6e575A8K5aWCuVl:d2DnRwW+e5R5oztZ026e5JxVuVl
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

pyinstallercrealstealer

behavioral1

behavioral2

© 2018-2025

Terms | Privacy