General
-
Target
celex_1.exe
-
Size
17.7MB
-
Sample
240212-w4psqace89
-
MD5
49e1de2d56c99463128cfe77fd9993a4
-
SHA1
83e662fb7caa3f2dfa2c7413b3ae63a274cfa274
-
SHA256
46c1ccf0d7a678f4031b6c288f2794e94d367e0fb716616224da617201a3db1d
-
SHA512
5f4b7f627a23dee802727d75b48a301625ac8240e148f088e81a75f86bb123606e389e1a86104801a99838d71066bcf7eae02bed0bf0b70ff9487989eb978af5
-
SSDEEP
393216:rqPnLFXlreQpDOETgsvfGaogwYvEGq/6LKPq:+PLFXNeQoE0BRxI7
Behavioral task
behavioral1
Sample
celex_1.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
celex_1.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral3
Sample
main.pyc
Resource
win7-20231215-en
Behavioral task
behavioral4
Sample
main.pyc
Resource
win10v2004-20231215-en
Malware Config
Targets
-
-
Target
celex_1.exe
-
Size
17.7MB
-
MD5
49e1de2d56c99463128cfe77fd9993a4
-
SHA1
83e662fb7caa3f2dfa2c7413b3ae63a274cfa274
-
SHA256
46c1ccf0d7a678f4031b6c288f2794e94d367e0fb716616224da617201a3db1d
-
SHA512
5f4b7f627a23dee802727d75b48a301625ac8240e148f088e81a75f86bb123606e389e1a86104801a99838d71066bcf7eae02bed0bf0b70ff9487989eb978af5
-
SSDEEP
393216:rqPnLFXlreQpDOETgsvfGaogwYvEGq/6LKPq:+PLFXNeQoE0BRxI7
Score7/10-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
main.pyc
-
Size
7KB
-
MD5
b579147f45bb8aa2be0ec9f7de4ac1e1
-
SHA1
a2a5efa4b5e65269a8d67ccdb7fcdb38c321cd0f
-
SHA256
9d342b36f97e3969fe16c082dfe157116f8416cd35284078a3663083de66a9cb
-
SHA512
3d955591b4144136ebaa84a1820889909314be2533de28dc205b10f3113e670e1cc1baa1debe2fa419cc73e809706bf01f204ae5646414e97c6d0dd760014555
-
SSDEEP
192:w5v5X4tL8aD8dbWdXw5V+wCJxJhwUMdwtnw:G5otL81Wuwh2UPtw
Score3/10 -