General
Target: Creal.exe
Size: 16.6MB
Sample: 241005-facy3awcnn
MD5: e2767fe88acabec342588239d37c71b5
SHA1: 1ee6db0ae4d58ce3a7ab40ece6e70fc56ab0f8cf
SHA256: faace355a6f09b7e2ce35144ea523b253c34539b9b9016f17b74cc01bd0756cf
SHA512: 3549449356ec41608be4247cdb063273cb2bd0b26c904973baf5f3246a7dac03562987dd5146bbd479c17891d814528a009a1c2114deda10252a7b0cab1bc040
SSDEEP: 196608:3gLaAX+0kL4Czh+cBDzf4LBIP6k4FMIZETSrjPePdrQJFKbkBIsjwru+158aCETu:0xDkXzsszf490RQETSrvJUOOu+oES

Behavioral task: behavioral1
Sample: Creal.exe
Resource: win7-20240729-en

Behavioral task: behavioral2
Sample: Creal.exe
Resource: win10v2004-20240802-en
Malware Config

Targets
Target: Creal.exe
Score: 7/10

Signatures:
- Drops startup file
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files (steals credentials from unsecured files)
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Looks up external IP address via web service (uses a legitimate IP lookup service to find the infected system's external IP)
- Enumerates processes with tasklist