General
Target: Creal.exe
Size: 17.2MB
Sample: 240724-lckdtaydlj
MD5: 614c7d725cf644c402ab1676f1c9a1c2
SHA1: 47febcbbb37adab89106933f2c526ab65200c8f1
SHA256: 5c6d3424022fcf83f557a6ac1f16e524f26090b27c0285d892c479e4962c57d9
SHA512: 7238d36888bff3a41033fb67fadf29286f8ac2227a475127789e96eb381fc703c9cb22a98a5801451962046e4f56bb27b11c018ed245c499458bf0bc7aab544f
SSDEEP: 393216:PEkwAci2xY1+TtIiFg0VBSRW8E5u6bGaL6gIF4E5IXvCI9:PI+GY1QtI6YRW8IuyLeWE5IXqI9
Behavioral task: behavioral1
Sample: Creal.exe
Resource: win10v2004-20240709-en

Behavioral task: behavioral2
Sample: Creal.pyc
Resource: win10v2004-20240709-en
Malware Config
Targets

Target: Creal.exe
Size: 17.2MB
MD5: 614c7d725cf644c402ab1676f1c9a1c2
SHA1: 47febcbbb37adab89106933f2c526ab65200c8f1
SHA256: 5c6d3424022fcf83f557a6ac1f16e524f26090b27c0285d892c479e4962c57d9
SHA512: 7238d36888bff3a41033fb67fadf29286f8ac2227a475127789e96eb381fc703c9cb22a98a5801451962046e4f56bb27b11c018ed245c499458bf0bc7aab544f
SSDEEP: 393216:PEkwAci2xY1+TtIiFg0VBSRW8E5u6bGaL6gIF4E5IXvCI9:PI+GY1QtI6YRW8IuyLeWE5IXqI9
Score: 9/10
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious access to, or copying of, the web browser credential store.
- Drops startup file
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files
  Steals credentials from unsecured files.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist
Target: Creal.pyc
Size: 109KB
MD5: c52a67ea9530ccd68de896116b44b2b8
SHA1: 88d45d22782eb9a577a062fcb4bb5cfd94278bfa
SHA256: 3dc24629b8113d9b3c75466ac9cf3f95a27cf7ed93a55d27b68b65f930a0e7cf
SHA512: 58e26f575bec9fc9e59d176646f4eee921f307d434c934bc026d4a2c37b54ddb1c6c5a2147eedfeb3e2f99b033295b0f7be3e25f686361f6e281f05edee67929
SSDEEP: 3072:Fm7MaNdUcd2gAH6enHSdlcZdxlchUL62gw3DKD:dQUg4SdlcZdxlchUL6212
Score: 3/10