General

  • Target

    Creal.exe

  • Size

    13.4MB

  • Sample

    240703-gktv1azgje

  • MD5

    2fe5eb145de82780b4857d8da12990c7

  • SHA1

    dd0f358404b6697cfe4b6547bc608cfbb647c4f3

  • SHA256

    ee8e78a6e2b4500827e2e833d0c6ca0777ff330ad6c34a4f4dbacd129a5c3348

  • SHA512

    854b31b11654a610e114389e188eefe8ee14964fbdad6f0b82b10a63c1453eea1e6626e3c019de912b68e3862e678a16d9cc5ad0e215cfe8045eaf7af5d252a3

  • SSDEEP

    393216:9/u7L/jAcsIq1+TtIiFg0VBxwGS6bjEz:tCLbvq1QtI6nSUEz

Malware Config

Targets

    • Score

      7/10

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks