General

Target: creal.exe
Size: 13.0MB
Sample: 240315-xlkxgsgc7t
MD5: b5249b2da6a0ca612cf45c36fdd25bb3
SHA1: 7e6e5c4d797faf82deed4b49fa6e9763028bed58
SHA256: 51d39a30b0eb8d498c9199efd41081e067f00770ecdfca3ed16318d9ae7c9e4d
SHA512: 770a4e7a07e53dc3d266e3f5db702a602f8562f730860e478ead1fc7f2b3d44f7cb005b10a8181a95471ab16258d85f8cfa31109c22c7bed2415d2acd90616ec
SSDEEP: 393216:Ru7L/povKmr2pu0tTtdQuslSl9DoWOv+9fqX8hXd:RCLRoKmr2puI5dQu9xorvSiMhX
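To confirm that a file in hand is the sample this report describes, recompute its digests and compare them with the values listed under General. The following Python is an added example, not part of the sandbox report or its tooling; the only values it takes from the page are the four digests above, and the function names and the constructed in-memory test input are illustrative.

```python
"""Recompute a file's digests and compare them with the values the report lists."""
import hashlib
import io
import sys

# Digests copied from the report's General section for sample 240315-xlkxgsgc7t.
REPORTED = {
    "md5": "b5249b2da6a0ca612cf45c36fdd25bb3",
    "sha1": "7e6e5c4d797faf82deed4b49fa6e9763028bed58",
    "sha256": "51d39a30b0eb8d498c9199efd41081e067f00770ecdfca3ed16318d9ae7c9e4d",
    "sha512": "770a4e7a07e53dc3d266e3f5db702a602f8562f730860e478ead1fc7f2b3d44f7cb005b10a8181a95471ab16258d85f8cfa31109c22c7bed2415d2acd90616ec",
}


def digest_stream(fh, algorithms=tuple(REPORTED), chunk_size=1 << 20):
    """Hash a binary stream once, feeding every requested algorithm from the same read.

    A 13 MB sample is small, but reading in chunks keeps this usable on large files too.
    """
    hashers = {name: hashlib.new(name) for name in algorithms}
    for block in iter(lambda: fh.read(chunk_size), b""):
        for h in hashers.values():
            h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data, algorithms=tuple(REPORTED)):
    """Wrapper for in-memory data; used here with constructed input, not the real sample."""
    return digest_stream(io.BytesIO(data), algorithms)


def digest_file(path, algorithms=tuple(REPORTED)):
    with open(path, "rb") as fh:
        return digest_stream(fh, algorithms)


def compare_to_report(computed, reported=REPORTED):
    """Return {algorithm: (matches, computed, expected)} so each mismatching digest is visible.

    Comparison is case-insensitive; the report prints lowercase hex, other tools may not.
    """
    return {
        name: (computed.get(name, "").lower() == expected.lower(), computed.get(name, ""), expected)
        for name, expected in reported.items()
    }


def is_reported_sample(path, reported=REPORTED):
    """True only if every digest in the report matches the file at `path`."""
    computed = digest_file(path, tuple(reported))
    return all(ok for ok, _, _ in compare_to_report(computed, reported).values())


if __name__ == "__main__":
    # Usage: python verify_sample.py <path-to-file>
    for name, (ok, got, want) in compare_to_report(digest_file(sys.argv[1])).items():
        print(f"{name:>6}: {'OK' if ok else 'MISMATCH'}  computed={got}  reported={want}")
```

The SSDEEP value is deliberately not handled here: fuzzy hashing needs the ssdeep tool or its Python binding (the command-line tool's `-m` option matches a file against a list of stored hashes), and unlike the cryptographic digests the useful signal is a similarity score rather than equality.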
Behavioral task

behavioral1
Sample: creal.exe
Resource: win7-20240221-en

Malware Config
Targets

Target: creal.exe (same file and digests as listed under General)
Signatures

- Drops startup file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
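The signatures above are behaviour-level labels; the report does not list the underlying artefacts (paths, hostnames) that triggered them. The following Python is an added example, not part of the report or the sandbox, showing how raw per-process events could be mapped back to four of these labels. The IP-lookup hostnames, wallet directory names, Startup-folder pattern and the sample event trace are assumptions chosen for illustration, not indicators observed from creal.exe; the "Legitimate hosting services abused" signature is not modelled because the report names no hosts to match on.

```python
"""Map raw endpoint events to the behaviour signatures the report lists."""
from collections import defaultdict

# Assumptions for this example, not indicators taken from the report:
# commonly used external-IP lookup services ...
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "ifconfig.me", "icanhazip.com",
    "checkip.amazonaws.com", "ip-api.com", "ipinfo.io",
}
# ... path fragments of well-known desktop wallet data directories ...
WALLET_MARKERS = (
    "exodus.wallet", "\\electrum\\wallets", "\\atomic\\local storage", "\\ethereum\\keystore",
)
# ... and the per-user Startup folder that Windows runs at logon.
STARTUP_MARKER = "\\start menu\\programs\\startup\\"


def match_signatures(events):
    """Return {signature_name: [evidence, ...]} for an ordered list of event dicts.

    Each event has a "type" (FileCreate, FileRead, ImageLoad, DnsQuery) and a
    "target" (path or hostname); all events are assumed to belong to one process.
    """
    hits = defaultdict(list)
    dropped = set()  # files this process wrote, so a later ImageLoad can be tied to them
    for ev in events:
        kind, target = ev["type"], ev["target"]
        low = target.lower()
        if kind == "FileCreate":
            dropped.add(low)
            if STARTUP_MARKER in low:
                hits["Drops startup file"].append(target)
        elif kind == "ImageLoad":
            # Only a DLL the process itself wrote earlier counts as "dropped".
            if low.endswith(".dll") and low in dropped:
                hits["Loads dropped DLL"].append(target)
        elif kind == "FileRead":
            if any(marker in low for marker in WALLET_MARKERS):
                hits["Accesses cryptocurrency files/wallets"].append(target)
        elif kind == "DnsQuery":
            if low in IP_LOOKUP_HOSTS:
                hits["Looks up external IP address via web service"].append(target)
    return dict(hits)


# Constructed event trace for demonstration; not a recording of creal.exe.
SAMPLE_EVENTS = [
    {"type": "FileCreate", "target": r"C:\Users\victim\AppData\Local\Temp\_dep\libcrypto.dll"},
    {"type": "ImageLoad", "target": r"C:\Users\victim\AppData\Local\Temp\_dep\libcrypto.dll"},
    {"type": "ImageLoad", "target": r"C:\Windows\System32\kernel32.dll"},
    {"type": "FileCreate", "target": r"C:\Users\victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\creal.lnk"},
    {"type": "FileRead", "target": r"C:\Users\victim\AppData\Roaming\Exodus\exodus.wallet\seed.seco"},
    {"type": "FileRead", "target": r"C:\Users\victim\Documents\notes.txt"},
    {"type": "DnsQuery", "target": "api.ipify.org"},
    {"type": "DnsQuery", "target": "www.microsoft.com"},
]

if __name__ == "__main__":
    for name, evidence in match_signatures(SAMPLE_EVENTS).items():
        print(f"[+] {name}")
        for item in evidence:
            print(f"      {item}")
```

Ordering matters for the dropped-DLL rule: the FileCreate must precede the ImageLoad, which is why the function walks events in trace order rather than grouping by type. A system DLL loaded from System32 never matches, because the process did not write it.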