General
Target: creal.exe
Size: 20.4MB
Sample: 240522-e7fksacd3t
MD5: 3b7581550830cb40a224102e4b6abac8
SHA1: 9e6b7dd41547af99aec158685189adc91004b446
SHA256: b6d826eb743dcb85b78282ce8a19451dc98293abb715d9e5473bba7b56fc4322
SHA512: 3fdcb832b3aa95fe5219743c1dbd114aab3ea397b2f0d47662e1db55abbe2f748b7afbe2c56b68954fe7a56fce51764326c5cf1a522cc7f8fe83dea903e27ae0
SSDEEP: 393216:AEkZQtss271jJWQsUcR4NzQW+eGQRg93iObIhRS/ML/rqT6oHd85Tv1:AhQts7jYQFIW+e5R49MhR97ePy5T
Behavioral task: behavioral1
Sample: creal.exe
Resource: win11-20240426-en

Behavioral task: behavioral2
Sample: creal.pyc
Resource: win11-20240508-en
Malware Config
Targets
Target: creal.exe
Signatures:
- Drops startup file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
Target: creal.pyc
Size: 72KB
MD5: ac397c8c302fc26dff40c884ff1d5814
SHA1: 3094794c340251003f454cfd38e63bb05d3ec4bb
SHA256: b72b870e5e7ced7b0690b76fed504fa1b6728be1e1f7139da79305a872918b16
SHA512: 685eb61629d4c5b5e70ee67a2b8ad727fd589c35b035c3c14094040f4a40c0b4ed78006c4d03f24dba73ede5116074536ec0283d80b2d3c3b16a49008356dd95
SSDEEP: 1536:36TOrySzYPQlWXV2IsBORbHBwd+ObIrSyKEgR2eV:31Uv2IsBeWd+OuSyKEgRN
Score: 3/10