General
Target: Creal-Stealer-main.zip
Size: 442KB
Sample: 240219-zlbpxsde57
MD5: f1588dee158c088ba14a31fc33c2939e
SHA1: 0b776d41a6e048d8be953b73c12c09a4d22489b4
SHA256: 330443e86efd23fd22c62a1fb09b86e1caa94e017bab089a92fb41e28ae9ceac
SHA512: 262d9e39ddfc4438a74023659dc7b7ec1dddb547db46a1cef5aa92190905b870550689ecaa8ff9eb8794b6a231d8091dacad1ca0967771c947483e333e832f57
SSDEEP: 12288:jkiCtqedNidWylIIDcDBZHoJRdfnVfi6Pz4W+D4:QBt5OVl3mGdfnVfT4ZD4
Behavioral task
behavioral1
Sample: Creal-Stealer-main.zip
Resource: win10v2004-20231215-en
Malware Config
Score: 7/10
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
- Registers COM server for autorun
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Checks system information in the registry: system information is often read in order to detect sandboxing environments.
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (2)
- Event Triggered Execution (1)
  - Change Default File Association (1)