Overview

overview

10

Static

static

10

creal.py

windows7-x64

3

creal.py

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    creal.py

  • Size

    42KB

  • Sample

    240221-yfad8sed2y

  • MD5

    29198d66a396295aecd774053e5ded02

  • SHA1

    0da5fdb00aefa2ef2bed6ffe614a88caf6483b75

  • SHA256

    803e6d299ab9239cd3a68219edd285433eb625b28bdb056bc54b507ff92c71d1

  • SHA512

    47dbfa3f5e112694ae91cd182470bd209cadd835f9fe8d0b07edf72fe5ff018ac8dadae27bfeea7fae7e4dfb7507afdb3a2adbad542916d5f2cfe0bf66333091

  • SSDEEP

    768:IRDAWRqnXeihOCSlqLCxzAj6VppDPi7WA:IRkWRqnhhFSQLhmVpoWA

Score
10/10
crealstealerdiscoverypersistence

Malware Config

Targets

    • Target

      creal.py

    • Size

      42KB

    • MD5

      29198d66a396295aecd774053e5ded02

    • SHA1

      0da5fdb00aefa2ef2bed6ffe614a88caf6483b75

    • SHA256

      803e6d299ab9239cd3a68219edd285433eb625b28bdb056bc54b507ff92c71d1

    • SHA512

      47dbfa3f5e112694ae91cd182470bd209cadd835f9fe8d0b07edf72fe5ff018ac8dadae27bfeea7fae7e4dfb7507afdb3a2adbad542916d5f2cfe0bf66333091

    • SSDEEP

      768:IRDAWRqnXeihOCSlqLCxzAj6VppDPi7WA:IRkWRqnhhFSQLhmVpoWA

    Score
    8/10
    discoverypersistence

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks