General
- Target: Creal.exe
- Size: 13.4MB
- Sample: 240703-gktv1azgje
- MD5: 2fe5eb145de82780b4857d8da12990c7
- SHA1: dd0f358404b6697cfe4b6547bc608cfbb647c4f3
- SHA256: ee8e78a6e2b4500827e2e833d0c6ca0777ff330ad6c34a4f4dbacd129a5c3348
- SHA512: 854b31b11654a610e114389e188eefe8ee14964fbdad6f0b82b10a63c1453eea1e6626e3c019de912b68e3862e678a16d9cc5ad0e215cfe8045eaf7af5d252a3
- SSDEEP: 393216:9/u7L/jAcsIq1+TtIiFg0VBxwGS6bjEz:tCLbvq1QtI6nSUEz
Malware Config
- Drops startup file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.