General

  • Target

    creal.zip

  • Size

    20.9MB

  • Sample

    240427-wskpmadg52

  • MD5

    ad4705fe0d5d2aaf215edfdd0be8d153

  • SHA1

    341907bc41e8afe711c71a1d09fb6da16f88613a

  • SHA256

    cc17096af8773e751303b8b0e50b0ef139f62856526f4638eea4ecbf8857a120

  • SHA512

    5135ad7f2881e8857a4e0a286aff75e3421e3f05812ff2c192f37668101ab5105f9d437cbc51c461621be775fbb1868b910ba944b5ee7a04b0d4606ae6bda823

  • SSDEEP

    393216:vHL0oylDtPoif1dSqju1bCvEUl/TCxusFdug1QtcryGKs43nerLMq:vr9y1tgUdtytCvHTCxusV1Wc2B53erQq

Malware Config

Targets

    • Target

      creal.exe

    • Size

      21.1MB

    • MD5

      617980724e3d006ee1827777cd7756df

    • SHA1

      a53ae14859be0ab7f77b4cd97ccad84c2aadceb1

    • SHA256

      986bff0558f184d6bcf68e8a1ffdf373a9eb98362eef04512b5d2e09f14de9f5

    • SHA512

      f648d469bc965f991ce1438810d6c383fc22f417430226ac0c51890078a8295beb559c98b4e14a158aa788c212dace46252b0eb6d2960594ac5446e8c51175f4

    • SSDEEP

      393216:+EkZQtsuC4P8AxYDX1+TtIiFqCuARuAQhFXms8or54jZ60bTOj1unC:+hQtsFzX71QtI1CuAgh/8ol4V3bT81uC

    Score
    7/10
    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks