Infostealer

Creal Stealer

Creal is an open-source grabber/credential stealer originally made by a GitHub user named Ayhuuu, who also advertised a "premium" version on his now-deleted Telegram channel @Crealstealer. At the time of its release it was already not FUD (fully undetectable), but its open-source nature made it attractive for threat actors to modify the base malware and obfuscate it to lower its detection ratio. The base project came with a compiler that used PyInstaller to compile the general source code into native formats such as exe. For C2 it used Discord webhooks, which in later versions were protected with a service called https://stealer.to so that they could not be deleted.

On execution, it compromised the following data:

  • Discord Information
  • Browser Data
  • Crypto Related Data
  • Steam
  • Riot Games
  • Telegram
  • System Information
  • Tokens/Secrets
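
One way to hunt for the C2 channel described above, added here as an example (not code from Creal or from Malpedia): it flags POSTs to Discord webhook endpoints from processes outside an allowlist, and any contact with stealer.to. The log layout, process names, allowlist and sample records are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Discord webhook endpoint: /api/webhooks/<numeric id>/<token>, optionally versioned.
WEBHOOK_PATH = re.compile(r"^/api/(?:v\d+/)?webhooks/\d{17,20}/[\w-]{20,}")
DISCORD_HOSTS = {"discord.com", "discordapp.com"}
# Assumption: sanctioned integrations in your environment that post to webhooks.
ALLOWED_SENDERS = {"ci-notify.exe"}

# Constructed records: "<timestamp> <host> <process> <method> <url>" (IDs/tokens are fake).
SAMPLE_LOG = [
    "2024-01-01T10:00:00Z WS-014 invoice.exe POST https://discord.com/api/webhooks/123456789012345678/AbCdEfGhIjKlMnOpQrStUvWxYz0123456789",
    "2024-01-01T10:00:05Z WS-014 chrome.exe GET https://discord.com/channels/@me",
    "2024-01-01T10:01:00Z BUILD-02 ci-notify.exe POST https://discordapp.com/api/webhooks/123456789012345679/AbCdEfGhIjKlMnOpQrStUvWxYz0123456789",
    "2024-01-01T10:02:00Z WS-020 update.exe POST https://stealer.to/placeholder-path",
    "2024-01-01T10:03:00Z WS-021 tool.exe POST https://discord.com.example.net/api/webhooks/123456789012345678/AbCdEfGhIjKlMnOpQrStUvWxYz0123456789",
]


def classify(url):
    """Return 'discord-webhook', 'stealer.to' or None for a destination URL."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    # Match on the registered domain so canary./ptb. subdomains count,
    # while look-alikes such as discord.com.example.net do not.
    base = ".".join(host.split(".")[-2:])
    if base in DISCORD_HOSTS and WEBHOOK_PATH.match(parts.path):
        return "discord-webhook"
    if base == "stealer.to":
        return "stealer.to"
    return None


def hunt(log_lines):
    """Return (timestamp, host, process, reason) for each suspicious record."""
    findings = []
    for line in log_lines:
        ts, src_host, process, method, url = line.split(" ", 4)
        reason = classify(url)
        if reason is None:
            continue
        # Webhook deliveries are POSTs; skip reads and allowlisted senders.
        if reason == "discord-webhook" and (
            method != "POST" or process.lower() in ALLOWED_SENDERS
        ):
            continue
        findings.append((ts, src_host, process, reason))
    return findings
```

Calling `hunt(SAMPLE_LOG)` returns the records for `invoice.exe` and `update.exe`; the browser request, the allowlisted CI sender and the look-alike domain are not flagged.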

Family metadata imported from Malpedia (Fraunhofer FKIE).