General

  • Target

    Creal.exe

  • Size

    17.2MB

  • Sample

    240724-leew4s1hkh

  • MD5

    e970cf72226f88874600e25012891156

  • SHA1

    ff016a986557ec18fcf58200c400398eb7b14e4d

  • SHA256

    2cc5696a8a356753ef582bcf0b32b8b8f74dfa4290502355d63a0ff9e7e5539a

  • SHA512

    d3bd41f6e3906ac5d2dac689180963adabeb178b030593ab1d35cf2555c6b1516a6f3e79da31f18804d260bbe98fe53c52c47c0952326722c40d2c1c0986dcab

  • SSDEEP

    393216:FEkwAci2xY1+TtIiFg0VBSRW8E5u6bGaL6gIF4E5IXvCI9:FI+GY1QtI6YRW8IuyLeWE5IXqI9

Targets

    • Target

      Creal.exe

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile information.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15
