crealstealer | 6542308295ff6b80e525daafc799ee6e70f887b30c6b278da259f3fb9a846556 | Triage

Submit
Reports

Overview

overview

Static

static

Creal.exe

windows7-x64

7

Creal.exe

windows10-2004-x64

7

Sharing

General

Target

Creal.exe
Size

16.6MB
Sample

250304-sqmjnatsgz
MD5

7e3bc6e6c058cfc70033ba62ac026350
SHA1

16c4c251dfeb6e3e914d167fc766194e90dbe304
SHA256

6542308295ff6b80e525daafc799ee6e70f887b30c6b278da259f3fb9a846556
SHA512

68f24871d4b8651070bb01398eff48d95d27c6b2307f33f0d74b25f31fbb9b5eb334930c082edc7087f125248dbedc1f7444cb6a5f7e4525e95f7527cdac5903
SSDEEP

393216:mu7L/1VdQ2lN/m3pS+9J8ecH4K8zw4Jt8hXeSkM:mCLdVdQGKB9J8ecYK/P

Score

10^/10

crealstealer credential_access discovery pyinstaller spyware stealer

Static task

static1

pyinstaller crealstealer

4 signatures

Behavioral task

behavioral1

Sample

Creal.exe

Resource

win7-20240903-en

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

Creal.exe

Resource

win10v2004-20250217-en

credential_access spyware stealer

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  Creal.exe
- Size
  
  16.6MB
- MD5
  
  7e3bc6e6c058cfc70033ba62ac026350
- SHA1
  
  16c4c251dfeb6e3e914d167fc766194e90dbe304
- SHA256
  
  6542308295ff6b80e525daafc799ee6e70f887b30c6b278da259f3fb9a846556
- SHA512
  
  68f24871d4b8651070bb01398eff48d95d27c6b2307f33f0d74b25f31fbb9b5eb334930c082edc7087f125248dbedc1f7444cb6a5f7e4525e95f7527cdac5903
- SSDEEP
  
  393216:mu7L/1VdQ2lN/m3pS+9J8ecH4K8zw4Jt8hXeSkM:mCLdVdQGKB9J8ecYK/P
Score

7^/10

discovery credential_access spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

pyinstallercrealstealer

behavioral1

behavioral2

credential_accessspywarestealer

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.