Overview

overview

9

Static

static

7

celex.exe

windows7-x64

9

celex.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    celex.exe

  • Size

    4.0MB

  • Sample

    240219-t6faysgh75

  • MD5

    c874dc90720f9240b8b95897d2d696bf

  • SHA1

    8b6d7cff1b0f85c83157b96d86b828372bf45876

  • SHA256

    f0bd6236ae04d1a7e53575e21a8ec4cced336b5585296766d4acb3538ad09807

  • SHA512

    da7dd92b8390f339dba9e835f556b28fa5baf536f455641de5529aa5747fb510561a3b7e36f21db0c7049b883b9570396e71f08033edde9573cca0f8953f9aef

  • SSDEEP

    98304:BBPWkrg/6NgmYJ+PZ/ROLbvqEufbV14C5jnlAd706/yIhBfev9MgT:BJHg/WgvJqQvHufb4UzmdRg5

Score
9/10
evasionpersistencethemidatrojan

Malware Config

Targets

    • Target

      celex.exe

    • Size

      4.0MB

    • MD5

      c874dc90720f9240b8b95897d2d696bf

    • SHA1

      8b6d7cff1b0f85c83157b96d86b828372bf45876

    • SHA256

      f0bd6236ae04d1a7e53575e21a8ec4cced336b5585296766d4acb3538ad09807

    • SHA512

      da7dd92b8390f339dba9e835f556b28fa5baf536f455641de5529aa5747fb510561a3b7e36f21db0c7049b883b9570396e71f08033edde9573cca0f8953f9aef

    • SSDEEP

      98304:BBPWkrg/6NgmYJ+PZ/ROLbvqEufbV14C5jnlAd706/yIhBfev9MgT:BJHg/WgvJqQvHufb4UzmdRg5

    Score
    9/10
    evasionpersistencethemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Sets service image path in registry

      persistence

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks