General

Target: creal.exe
Size: 16.2MB
Sample: 240528-yqlj9abc22
MD5: c0f80c8493aa4ce23b2bf241d587d092
SHA1: 69617caf815328fada32a0904d0f297a7c0f92ae
SHA256: d45790ad179d7b2e726897a65dfcdb20cef3e943cdbbf2e352301ac2b0e85fef
SHA512: 4f9dbb04e87cb3f18998148b5ca68e5a535b323267051bc9e1c1fbea77388343655929c1ec18bdc810cbfee081cc1ac068a5e5059d6b0f6efec7db9e2af6f2c3
SSDEEP: 393216:TEkcqPnSNPG7NmiZoW1+TtIiFvY9Z8D8Ccl6l6udLs11sJzWmNoj:Tk6oKEAl1QtI6a8DZcIlzdwE7NK
Behavioral tasks

behavioral1: sample creal.exe, resource win7-20240221-en
behavioral2: sample creal.exe, resource win10v2004-20240426-en
behavioral3: sample creal.pyc, resource win7-20240215-en
behavioral4: sample creal.pyc, resource win10v2004-20240508-en
Malware Config

Targets

Target: creal.exe
Size: 16.2MB
MD5: c0f80c8493aa4ce23b2bf241d587d092
SHA1: 69617caf815328fada32a0904d0f297a7c0f92ae
SHA256: d45790ad179d7b2e726897a65dfcdb20cef3e943cdbbf2e352301ac2b0e85fef
SHA512: 4f9dbb04e87cb3f18998148b5ca68e5a535b323267051bc9e1c1fbea77388343655929c1ec18bdc810cbfee081cc1ac068a5e5059d6b0f6efec7db9e2af6f2c3
SSDEEP: 393216:TEkcqPnSNPG7NmiZoW1+TtIiFvY9Z8D8Ccl6l6udLs11sJzWmNoj:Tk6oKEAl1QtI6a8DZcIlzdwE7NK
Signatures:
- Drops startup file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.

Target: creal.pyc
Size: 64KB
MD5: 05317593399c25e6a5249f13e5d76dd9
SHA1: 5cd013b76f29fb3f3558e39646b56ebee51dd6bd
SHA256: 8aa67011091005839de572bb4f4b4e686fbbc39d2aa4437c3624609af5d6de66
SHA512: a09d24de48d2f8ad347865631b91e902715e6c6cb279c01c4ac50dede44b8ed3f9b46ae80a7b99293c67bf50c4c01ec82f09a77c98c592f25ffbc86c798efe8f
SSDEEP: 1536:7Trme+0Ql9pObo8BHWftXASFW08VAeOR2e2:7T4Ybo8B2VXASNMAeOR+
Score: 3/10