General
-
Target
Creal-Stealer-Main.exe
-
Size
19.3MB
-
Sample
240522-epc2yabe79
-
MD5
32b2d8d09d68ec87e21808660bd90f3b
-
SHA1
da5504e599fdfd96fcf37bd07daa3be4bfa76ea6
-
SHA256
0cf273cc694691c74c8b039fc1e9bd2ee0c367147e7d5f52a5571215bcc1fbe8
-
SHA512
485b6d74d929b011400af38a2784bc88e057912a2722085c85dd7ce6180a6a090b6b8160a5f999e5980dc67d584e60b573257595c82bec7802fbb278be042609
-
SSDEEP
393216:oQtstvdqJr7M5liAdQJluwF3MnG3otl5cuahBo1edW3WpsZ5J:oQtstVA7M5lndQz3MGYN6bDW
Malware Config
Targets
-
-
Target
Creal-Stealer-Main.exe
-
Size
19.3MB
-
MD5
32b2d8d09d68ec87e21808660bd90f3b
-
SHA1
da5504e599fdfd96fcf37bd07daa3be4bfa76ea6
-
SHA256
0cf273cc694691c74c8b039fc1e9bd2ee0c367147e7d5f52a5571215bcc1fbe8
-
SHA512
485b6d74d929b011400af38a2784bc88e057912a2722085c85dd7ce6180a6a090b6b8160a5f999e5980dc67d584e60b573257595c82bec7802fbb278be042609
-
SSDEEP
393216:oQtstvdqJr7M5liAdQJluwF3MnG3otl5cuahBo1edW3WpsZ5J:oQtstVA7M5lndQz3MGYN6bDW
Score7/10-
Drops startup file
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
Creal.pyc
-
Size
55KB
-
MD5
2a27c5a2380383e0eef2ee5d7e2e355d
-
SHA1
7896926b0fd1fb7027b32ea9e211b531231584b8
-
SHA256
aac7ee2790a33f22c1dac95d9b858f6bcc4b952ff059a3c9af40f893a14be5b3
-
SHA512
cb9b275565142b7a8fb1f42c9101c067f02d75dadd4bdd08752c92eca4b46c71bb83b9565155c85f4a1aa58db1efea11a73346be0da71c4d71508a0fa8d2a5f5
-
SSDEEP
768:s7WnrgpVIVk9+X6GpX0xoWyWtXt4OXXFFYAl/fBS5AZFm/bj3+eO3Wb38f:Dr47+LtaoULXFFYAyiUj3aWb3y
Score10/10-
An infostealer written in Python and packaged with PyInstaller.
-
crealstealer
An infostealer written in Python and packaged with PyInstaller.
-
Legitimate hosting services abused for malware hosting/C2
-