General

  • Target

    creal.exe

  • Size

    20.4MB

  • Sample

    240522-e7fksacd3t

  • MD5

    3b7581550830cb40a224102e4b6abac8

  • SHA1

    9e6b7dd41547af99aec158685189adc91004b446

  • SHA256

    b6d826eb743dcb85b78282ce8a19451dc98293abb715d9e5473bba7b56fc4322

  • SHA512

    3fdcb832b3aa95fe5219743c1dbd114aab3ea397b2f0d47662e1db55abbe2f748b7afbe2c56b68954fe7a56fce51764326c5cf1a522cc7f8fe83dea903e27ae0

  • SSDEEP

    393216:AEkZQtss271jJWQsUcR4NzQW+eGQRg93iObIhRS/ML/rqT6oHd85Tv1:AhQts7jYQFIW+e5R49MhR97ePy5T

Malware Config

Targets

    • Target

      creal.exe

    • Size

      20.4MB

    • MD5

      3b7581550830cb40a224102e4b6abac8

    • SHA1

      9e6b7dd41547af99aec158685189adc91004b446

    • SHA256

      b6d826eb743dcb85b78282ce8a19451dc98293abb715d9e5473bba7b56fc4322

    • SHA512

      3fdcb832b3aa95fe5219743c1dbd114aab3ea397b2f0d47662e1db55abbe2f748b7afbe2c56b68954fe7a56fce51764326c5cf1a522cc7f8fe83dea903e27ae0

    • SSDEEP

      393216:AEkZQtss271jJWQsUcR4NzQW+eGQRg93iObIhRS/ML/rqT6oHd85Tv1:AhQts7jYQFIW+e5R49MhR97ePy5T

    Score: 7/10
    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      creal.pyc

    • Size

      72KB

    • MD5

      ac397c8c302fc26dff40c884ff1d5814

    • SHA1

      3094794c340251003f454cfd38e63bb05d3ec4bb

    • SHA256

      b72b870e5e7ced7b0690b76fed504fa1b6728be1e1f7139da79305a872918b16

    • SHA512

      685eb61629d4c5b5e70ee67a2b8ad727fd589c35b035c3c14094040f4a40c0b4ed78006c4d03f24dba73ede5116074536ec0283d80b2d3c3b16a49008356dd95

    • SSDEEP

      1536:36TOrySzYPQlWXV2IsBORbHBwd+ObIrSyKEgR2eV:31Uv2IsBeWd+OuSyKEgRN

    Score: 3/10

MITRE ATT&CK Enterprise v15

Tasks