General

  • Target: Creal.exe
  • Size: 16.6MB
  • Sample: 241005-fb4heawdkq
  • MD5: e2767fe88acabec342588239d37c71b5
  • SHA1: 1ee6db0ae4d58ce3a7ab40ece6e70fc56ab0f8cf
  • SHA256: faace355a6f09b7e2ce35144ea523b253c34539b9b9016f17b74cc01bd0756cf
  • SHA512: 3549449356ec41608be4247cdb063273cb2bd0b26c904973baf5f3246a7dac03562987dd5146bbd479c17891d814528a009a1c2114deda10252a7b0cab1bc040
  • SSDEEP: 196608:3gLaAX+0kL4Czh+cBDzf4LBIP6k4FMIZETSrjPePdrQJFKbkBIsjwru+158aCETu:0xDkXzsszf490RQETSrvJUOOu+oES

Malware Config

Targets

    • Target: Creal.exe
    • Size: 16.6MB
    • MD5: e2767fe88acabec342588239d37c71b5
    • SHA1: 1ee6db0ae4d58ce3a7ab40ece6e70fc56ab0f8cf
    • SHA256: faace355a6f09b7e2ce35144ea523b253c34539b9b9016f17b74cc01bd0756cf
    • SHA512: 3549449356ec41608be4247cdb063273cb2bd0b26c904973baf5f3246a7dac03562987dd5146bbd479c17891d814528a009a1c2114deda10252a7b0cab1bc040
    • SSDEEP: 196608:3gLaAX+0kL4Czh+cBDzf4LBIP6k4FMIZETSrjPePdrQJFKbkBIsjwru+158aCETu:0xDkXzsszf490RQETSrvJUOOu+oES

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15

Tasks