General
- Target: Creal-Stealer-Main.exe
- Size: 19.3MB
- Sample: 240718-cvsngathpf
- MD5: 32b2d8d09d68ec87e21808660bd90f3b
- SHA1: da5504e599fdfd96fcf37bd07daa3be4bfa76ea6
- SHA256: 0cf273cc694691c74c8b039fc1e9bd2ee0c367147e7d5f52a5571215bcc1fbe8
- SHA512: 485b6d74d929b011400af38a2784bc88e057912a2722085c85dd7ce6180a6a090b6b8160a5f999e5980dc67d584e60b573257595c82bec7802fbb278be042609
- SSDEEP: 393216:oQtstvdqJr7M5liAdQJluwF3MnG3otl5cuahBo1edW3WpsZ5J:oQtstVA7M5lndQz3MGYN6bDW
Behavioral task: behavioral1
- Sample: Creal-Stealer-Main.exe
- Resource: win10-20240404-en
Malware Config
Targets
- Target: Creal-Stealer-Main.exe (19.3MB; MD5, SHA1, SHA256, SHA512 and SSDEEP values identical to those listed under General)
Score: 10/10
Signatures
- Modifies WinLogon for persistence
- Disables RegEdit via registry modification
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Drops desktop.ini file(s)
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Sets desktop wallpaper using registry
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Boot or Logon Autostart Execution (1)
  - Winlogon Helper DLL (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (1)
  - Disable or Modify Tools (1)
- Modify Registry (3)