Overview

overview

10

Static

static

10

Creal.exe

windows7-x64

7

Creal.exe

windows10-2004-x64

7

Resubmissions

20-07-2024 18:37

240720-w9hxcsxckq 10

20-07-2024 18:36

240720-w82m3sxcjq 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Creal.exe

  • Size

    20.6MB

  • Sample

    240720-w9hxcsxckq

  • MD5

    83c2397d023c39a35250c4fa9d8ca703

  • SHA1

    7f659595d1f45df3597e1ee14d60d3738bb1b8bc

  • SHA256

    3e23409d7625e3cf675b5766e85b6e0ba0aa740a2825583d0bf7631817ebfce8

  • SHA512

    d91d1e5d7ab86acb6f1fe3ea76c22cbc9a08cd1ad690f6e928d5c62b15bc591399a520a3363f2d939ab8be3fd970052999a5df38c792c0ab256e4aca7bdd62f3

  • SSDEEP

    393216:XQtsTP8Hr7M5li8k3me+cGfd0NYMR8E76lCgdYB:XQtsL8L7M5lDaE5F0NYysu

Score
10/10
crealstealerpyinstallerspywarestealer

Malware Config

Targets

    • Target

      Creal.exe

    • Size

      20.6MB

    • MD5

      83c2397d023c39a35250c4fa9d8ca703

    • SHA1

      7f659595d1f45df3597e1ee14d60d3738bb1b8bc

    • SHA256

      3e23409d7625e3cf675b5766e85b6e0ba0aa740a2825583d0bf7631817ebfce8

    • SHA512

      d91d1e5d7ab86acb6f1fe3ea76c22cbc9a08cd1ad690f6e928d5c62b15bc591399a520a3363f2d939ab8be3fd970052999a5df38c792c0ab256e4aca7bdd62f3

    • SSDEEP

      393216:XQtsTP8Hr7M5li8k3me+cGfd0NYMR8E76lCgdYB:XQtsL8L7M5lDaE5F0NYysu

    Score
    7/10
    spywarestealer

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks