7988c4295df64eb616b3449b2e562be8656a5d46ae8ecdf3244bcb5578aa2816 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

creal.exe
Size

17.4MB
Sample

240307-smrdfaec57
MD5

1b8a10e06ff138d70868dead5195fd3c
SHA1

f4d55e91a38fe46b9868e9f5d17412d1f2ae7019
SHA256

7988c4295df64eb616b3449b2e562be8656a5d46ae8ecdf3244bcb5578aa2816
SHA512

f6787f173674a0af41a4c6d75fabae4599af2f4737d609904e1dd9126adf478a855819bdb073713f7afcb1029abb3bc6ee1d65dbf4d42fbcde12e5ba13c9a782
SSDEEP

393216:pEkZQJFP8AxYDwdQuslRl99oWOv+9fgJi0VAIqGw:phQ4XsdQuqDorvSYJi0SIqn

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  creal.exe
- Size
  
  17.4MB
- MD5
  
  1b8a10e06ff138d70868dead5195fd3c
- SHA1
  
  f4d55e91a38fe46b9868e9f5d17412d1f2ae7019
- SHA256
  
  7988c4295df64eb616b3449b2e562be8656a5d46ae8ecdf3244bcb5578aa2816
- SHA512
  
  f6787f173674a0af41a4c6d75fabae4599af2f4737d609904e1dd9126adf478a855819bdb073713f7afcb1029abb3bc6ee1d65dbf4d42fbcde12e5ba13c9a782
- SSDEEP
  
  393216:pEkZQJFP8AxYDwdQuslRl99oWOv+9fgJi0VAIqGw:phQ4XsdQuqDorvSYJi0SIqn
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2