Overview

overview

7

Static

static

3

creal.exe

windows7-x64

7

creal.exe

windows10-2004-x64

7

creal.pyc

windows7-x64

3

creal.pyc

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    creal.exe

  • Size

    16.2MB

  • Sample

    240528-yqlj9abc22

  • MD5

    c0f80c8493aa4ce23b2bf241d587d092

  • SHA1

    69617caf815328fada32a0904d0f297a7c0f92ae

  • SHA256

    d45790ad179d7b2e726897a65dfcdb20cef3e943cdbbf2e352301ac2b0e85fef

  • SHA512

    4f9dbb04e87cb3f18998148b5ca68e5a535b323267051bc9e1c1fbea77388343655929c1ec18bdc810cbfee081cc1ac068a5e5059d6b0f6efec7db9e2af6f2c3

  • SSDEEP

    393216:TEkcqPnSNPG7NmiZoW1+TtIiFvY9Z8D8Ccl6l6udLs11sJzWmNoj:Tk6oKEAl1QtI6a8DZcIlzdwE7NK

Score
7/10
pyinstallerspywarestealer

Malware Config

Targets

    • Target

      creal.exe

    • Size

      16.2MB

    • MD5

      c0f80c8493aa4ce23b2bf241d587d092

    • SHA1

      69617caf815328fada32a0904d0f297a7c0f92ae

    • SHA256

      d45790ad179d7b2e726897a65dfcdb20cef3e943cdbbf2e352301ac2b0e85fef

    • SHA512

      4f9dbb04e87cb3f18998148b5ca68e5a535b323267051bc9e1c1fbea77388343655929c1ec18bdc810cbfee081cc1ac068a5e5059d6b0f6efec7db9e2af6f2c3

    • SSDEEP

      393216:TEkcqPnSNPG7NmiZoW1+TtIiFvY9Z8D8Ccl6l6udLs11sJzWmNoj:Tk6oKEAl1QtI6a8DZcIlzdwE7NK

    Score
    7/10
    spywarestealer

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

    • Target

      creal.pyc

    • Size

      64KB

    • MD5

      05317593399c25e6a5249f13e5d76dd9

    • SHA1

      5cd013b76f29fb3f3558e39646b56ebee51dd6bd

    • SHA256

      8aa67011091005839de572bb4f4b4e686fbbc39d2aa4437c3624609af5d6de66

    • SHA512

      a09d24de48d2f8ad347865631b91e902715e6c6cb279c01c4ac50dede44b8ed3f9b46ae80a7b99293c67bf50c4c01ec82f09a77c98c592f25ffbc86c798efe8f

    • SSDEEP

      1536:7Trme+0Ql9pObo8BHWftXASFW08VAeOR2e2:7T4Ybo8B2VXASNMAeOR+

    Score
    3/10
    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2
T1552

Credentials In Files

2
T1552.001

Discovery

Process Discovery

1
T1057

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks