General

  • Target

    Creal.exe

  • Size

    17.2MB

  • Sample

    240724-lckdtaydlj

  • MD5

    614c7d725cf644c402ab1676f1c9a1c2

  • SHA1

    47febcbbb37adab89106933f2c526ab65200c8f1

  • SHA256

    5c6d3424022fcf83f557a6ac1f16e524f26090b27c0285d892c479e4962c57d9

  • SHA512

    7238d36888bff3a41033fb67fadf29286f8ac2227a475127789e96eb381fc703c9cb22a98a5801451962046e4f56bb27b11c018ed245c499458bf0bc7aab544f

  • SSDEEP

    393216:PEkwAci2xY1+TtIiFg0VBSRW8E5u6bGaL6gIF4E5IXvCI9:PI+GY1QtI6YRW8IuyLeWE5IXqI9

Targets

    • Target

      Creal.exe

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data, which can include saved credentials.

    • Unsecured Credentials: Credentials In Files

      Steals credentials stored in unsecured files.

    • Accesses cryptocurrency wallet files; possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

    • Target

      Creal.pyc

    • Size

      109KB

    • MD5

      c52a67ea9530ccd68de896116b44b2b8

    • SHA1

      88d45d22782eb9a577a062fcb4bb5cfd94278bfa

    • SHA256

      3dc24629b8113d9b3c75466ac9cf3f95a27cf7ed93a55d27b68b65f930a0e7cf

    • SHA512

      58e26f575bec9fc9e59d176646f4eee921f307d434c934bc026d4a2c37b54ddb1c6c5a2147eedfeb3e2f99b033295b0f7be3e25f686361f6e281f05edee67929

    • SSDEEP

      3072:Fm7MaNdUcd2gAH6enHSdlcZdxlchUL62gw3DKD:dQUg4SdlcZdxlchUL6212

    Score
    3/10
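The signatures above are individually weak (browsers read their own credential stores, administrators run tasklist), but together they describe a stealer. The following is an added detection example, not code from the sandbox or from the sample: it correlates constructed host-telemetry events by the process that produced them and flags a process only when several of the report's behaviours (browser credential store access, wallet file access, external IP lookup, tasklist enumeration, startup-file drop) come from the same image. The event schema, the path fragments and the list of IP-lookup hosts are assumptions for illustration and should be adapted to the EDR or Sysmon fields actually in use.

```python
"""Correlate stealer behaviours across host telemetry (added example).

The event shape below is an assumption, not a real EDR schema: each event is
a dict with a "type" of process/file/registry/network plus a few fields.
"""
import re
from collections import defaultdict

# Assumed browser credential store filenames and the profile directories
# they live in; a match needs both, to avoid flagging unrelated "Cookies".
BROWSER_CRED_STORES = re.compile(
    r"\\(Login Data|Web Data|Cookies|logins\.json|key4\.db)$", re.IGNORECASE)
BROWSER_PROFILE_DIRS = re.compile(
    r"\\(Google\\Chrome|Microsoft\\Edge|BraveSoftware|Mozilla\\Firefox)\\", re.IGNORECASE)
# Assumed wallet artifacts (directory or file names).
WALLET_ARTIFACTS = re.compile(
    r"\\(wallet\.dat|Exodus|Electrum|atomic|Ethereum)(\\|$)", re.IGNORECASE)
# Startup folder and Run/RunOnce keys cover the "drops startup file" behaviour.
STARTUP_LOCATIONS = re.compile(
    r"\\Start Menu\\Programs\\Startup\\|\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
# Assumption: public IP-lookup services; the report does not name the one used.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ip-api.com", "ipinfo.io", "icanhazip.com", "ipapi.co"}
# Browsers may legitimately touch their own credential stores.
BROWSER_IMAGES = {"chrome.exe", "msedge.exe", "brave.exe", "firefox.exe"}


def _basename(image):
    return image.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def classify(event):
    """Map one event to (actor image, behaviour category), or None if benign."""
    etype, image = event["type"], event.get("image", "")
    if etype == "process":
        # tasklist.exe is attributed to the parent that spawned it.
        if _basename(image) == "tasklist.exe":
            return event.get("parent_image", image), "process_enumeration"
        return None
    if etype == "file":
        path = event["path"]
        if (BROWSER_CRED_STORES.search(path) and BROWSER_PROFILE_DIRS.search(path)
                and _basename(image) not in BROWSER_IMAGES):
            return image, "browser_credential_access"
        if WALLET_ARTIFACTS.search(path):
            return image, "crypto_wallet_access"
        if STARTUP_LOCATIONS.search(path):
            return image, "startup_persistence"
        return None
    if etype == "registry":
        return (image, "startup_persistence") if STARTUP_LOCATIONS.search(event["path"]) else None
    if etype == "network":
        if event.get("dest_host", "").lower() in IP_LOOKUP_HOSTS:
            return image, "external_ip_lookup"
    return None


def correlate(events):
    """Group distinct behaviour categories by the image that exhibited them."""
    hits = defaultdict(set)
    for ev in events:
        res = classify(ev)
        if res:
            actor, category = res
            hits[actor].add(category)
    return dict(hits)


def flag_stealers(events, threshold=3):
    """Return {image: sorted categories} for images with >= threshold behaviours."""
    return {actor: sorted(cats) for actor, cats in correlate(events).items()
            if len(cats) >= threshold}


# Constructed sample telemetry: one stealer-like process plus benign noise.
STEALER = r"C:\Users\alice\Downloads\Creal.exe"
SAMPLE_EVENTS = [
    {"type": "process", "image": STEALER, "parent_image": r"C:\Windows\explorer.exe"},
    {"type": "file", "image": STEALER,
     "path": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "file", "image": STEALER,
     "path": r"C:\Users\alice\AppData\Roaming\Exodus\exodus.wallet\seed.seco"},
    {"type": "network", "image": STEALER, "dest_host": "api.ipify.org", "dest_port": 443},
    {"type": "process", "image": r"C:\Windows\System32\tasklist.exe", "parent_image": STEALER},
    {"type": "file", "image": STEALER,
     "path": r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Creal.exe"},
    # Benign: Chrome reading its own store; an admin running tasklist from cmd.
    {"type": "file", "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "path": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "process", "image": r"C:\Windows\System32\tasklist.exe",
     "parent_image": r"C:\Windows\System32\cmd.exe"},
]

if __name__ == "__main__":
    for actor, cats in flag_stealers(SAMPLE_EVENTS).items():
        print(actor, "->", ", ".join(cats))
```

On the constructed events only Creal.exe crosses the threshold, with all five categories; cmd.exe accumulates a single tasklist hit and Chrome's access to its own Login Data is not counted at all. The threshold is the knob to tune: at 1 this degrades to the noisy per-signature alerts the sandbox lists, at 3 it requires the combination that characterises an infostealer.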

MITRE ATT&CK Enterprise v15
