crealstealer | dc5fee5594cd71992651a98980398c14807b8b595e69499b5741832d90240d82 | Triage

Sharing

General

Target

Creal.exe
Size

14.4MB
Sample

240116-vysfzsfefl
MD5

546e3843cb31f296158474211d62afaf
SHA1

bddddb4336f777a8135fff8cc93f7cb45227a49a
SHA256

dc5fee5594cd71992651a98980398c14807b8b595e69499b5741832d90240d82
SHA512

8a8f173be9ff33512047c230dabdeb3b0c08a494b33cad7947c0bead1979454279df3e828789e78e49708a85c1465eba588d5990cbc0e7533e497644b9db2b5d
SSDEEP

196608:OktGX180pr0sKYu/PaQ+DuhfldidQmRJ8dA6lSuqaycBIGpE2o6hTOv+QKfwJpax:kX7QJidQuslSq99oWOv+9fgpazD0RZb

Score

10^/10

crealstealer pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  Creal.exe
- Size
  
  14.4MB
- MD5
  
  546e3843cb31f296158474211d62afaf
- SHA1
  
  bddddb4336f777a8135fff8cc93f7cb45227a49a
- SHA256
  
  dc5fee5594cd71992651a98980398c14807b8b595e69499b5741832d90240d82
- SHA512
  
  8a8f173be9ff33512047c230dabdeb3b0c08a494b33cad7947c0bead1979454279df3e828789e78e49708a85c1465eba588d5990cbc0e7533e497644b9db2b5d
- SSDEEP
  
  196608:OktGX180pr0sKYu/PaQ+DuhfldidQmRJ8dA6lSuqaycBIGpE2o6hTOv+QKfwJpax:kX7QJidQuslSq99oWOv+9fgpazD0RZb
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2
- Target
  
  Creal.pyc
- Size
  
  98KB
- MD5
  
  0cc4110b88ba4d8ca23d144bc5047de1
- SHA1
  
  ca7bca883d7163eea8915107e4a7acb2c6c6e95a
- SHA256
  
  cd637a3df1be8100a4ef685311201a4b04bd3227a4b5afdc5835a1d7af3484e5
- SHA512
  
  3895b9f9697e47ec375a98a935b96565bad4b0dec4d264b167fd4273d6330e8a3007cc072ddb4f09a8fbfa08e752ff949dfd4eb3a2dc01390550fb0168c90fdc
- SSDEEP
  
  1536:WuuDrDe3uzTZMB7aK1hY6YITSM8K28PCQus5mIbVtX/RiOV//OgrszpX1cKgKZI4:RuDfe3uz0BoM8B8Pzm2tXZiOW
Score

3^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

pyinstallercrealstealer

behavioral1

behavioral2

behavioral3

behavioral4