General

  • Target

    creal.exe

  • Size

    20.2MB

  • Sample

    240508-v2mpxafb2x

  • MD5

    924f2647223e089391b343e9ec50e7e6

  • SHA1

    77f94b85c5cba414c14c9ea968aafc2dac3cae5e

  • SHA256

    3064edbba195a567c1bafc7fe8219d98978936820f1d2465b2bab8697a921541

  • SHA512

    383bee90970035a9a339199b8a77206912d505a5b05830aab987ffdf331ca82944c0a0b176da931179aecd7f35a904a0f48fa87d24775052af6394caed1c8d31

  • SSDEEP

    393216:mEkZQtsTTpRJWQsUcR4Nzjk3meCcGfd0vYM3ro6ozdGNsv1:mhQts/pRYQFbaY5F0vYa0YNw
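The digests above are the only exact identifiers for this sample, so a file claimed to be `creal.exe` should be checked against them before any further analysis. The following script is an added example, not part of the report; it computes the four listed digests in a single streaming pass (the file is about 20 MB, so it is read in chunks rather than loaded whole) and reports whether the file matches the report, does not match, or matches only some of the listed hashes (which would indicate a corrupted or mis-transcribed IOC set). The file path and the constructed test bytes are assumptions.

```python
import hashlib
from typing import Dict, Iterable, Tuple

# Digest values copied from the report's "General" section for creal.exe.
REPORTED_HASHES: Dict[str, str] = {
    "md5": "924f2647223e089391b343e9ec50e7e6",
    "sha1": "77f94b85c5cba414c14c9ea968aafc2dac3cae5e",
    "sha256": "3064edbba195a567c1bafc7fe8219d98978936820f1d2465b2bab8697a921541",
    "sha512": (
        "383bee90970035a9a339199b8a77206912d505a5b05830aab987ffdf331ca829"
        "44c0a0b176da931179aecd7f35a904a0f48fa87d24775052af6394caed1c8d31"
    ),
}


def digest_chunks(chunks: Iterable[bytes],
                  algorithms: Tuple[str, ...] = ("md5", "sha1", "sha256", "sha512")) -> Dict[str, str]:
    """Feed every chunk to all requested hashers in one pass and return hex digests."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data: bytes, algorithms=("md5", "sha1", "sha256", "sha512")) -> Dict[str, str]:
    """Convenience wrapper for in-memory data (used by the self-check below)."""
    return digest_chunks([data], algorithms)


def digest_file(path: str, algorithms=("md5", "sha1", "sha256", "sha512"),
                chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Stream a file from disk in chunk_size pieces; avoids loading a large binary into memory."""
    with open(path, "rb") as fh:
        return digest_chunks(iter(lambda: fh.read(chunk_size), b""), algorithms)


def match_iocs(computed: Dict[str, str], reported: Dict[str, str]) -> Tuple[str, Dict[str, bool]]:
    """Compare computed digests with the reported ones (case- and whitespace-insensitive).

    Verdicts:
      "match"        every reported digest matches
      "no_match"     none match: this is not the reported sample
      "inconsistent" some match and some do not: the reported IOC set is internally
                     wrong (typo, truncation, mixed-up sample), so do not trust it
    """
    per_algo = {}
    for name, expected in reported.items():
        if name not in computed:
            raise ValueError(f"no computed {name} digest to compare against")
        per_algo[name] = computed[name].lower() == expected.strip().lower()
    if all(per_algo.values()):
        return "match", per_algo
    if not any(per_algo.values()):
        return "no_match", per_algo
    return "inconsistent", per_algo


def verify_sample(path: str, reported: Dict[str, str] = REPORTED_HASHES) -> str:
    """Hash the file at `path` and return the verdict string for the report's IOCs."""
    verdict, _ = match_iocs(digest_file(path, algorithms=tuple(reported)), reported)
    return verdict


if __name__ == "__main__":
    import sys
    # Assumed usage: python verify_sample.py /path/to/creal.exe
    target = sys.argv[1] if len(sys.argv) > 1 else "creal.exe"
    print(f"{target}: {verify_sample(target)}")
```

The SSDEEP value is deliberately left out of the comparison: it is a fuzzy hash and needs the `ssdeep` library, and a fuzzy match is a similarity score rather than a yes/no identity check, so it belongs in a separate triage step for near-variants.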

Malware Config

Targets

    • Target

      creal.exe

    • Size

      20.2MB

    • MD5

      924f2647223e089391b343e9ec50e7e6

    • SHA1

      77f94b85c5cba414c14c9ea968aafc2dac3cae5e

    • SHA256

      3064edbba195a567c1bafc7fe8219d98978936820f1d2465b2bab8697a921541

    • SHA512

      383bee90970035a9a339199b8a77206912d505a5b05830aab987ffdf331ca82944c0a0b176da931179aecd7f35a904a0f48fa87d24775052af6394caed1c8d31

    • SSDEEP

      393216:mEkZQtsTTpRJWQsUcR4Nzjk3meCcGfd0vYM3ro6ozdGNsv1:mhQts/pRYQFbaY5F0vYa0YNw

    • Score

      7/10

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser profile data, which can include saved credentials, session cookies and autofill data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP, typically to geolocate the victim and tag the collected data before exfiltration.

MITRE ATT&CK Enterprise v15

Tasks