General

  • Target

    celex(1).exe

  • Size

    10.1MB

  • Sample

    240221-ryeckshf95

  • MD5

    c9183411ef80ad50f1a4fa87cc57aeb6

  • SHA1

    fa61f2baf3bbca2b610df2f16e10f871389cc875

  • SHA256

    9991ec1dbf4df5e403579305b3fd652b2ae7fcb503ed6bf6809f2e492a23f13b

  • SHA512

    ca8739a23dfb5410e737a5c03517aceb1ecc3ea9f6ea6f19b47754c2339efc3e617d82dfa9c7d2928012ad47b5690a9f00c82e9e721017f8b47694ea4240ee8b

  • SSDEEP

    196608:Zm6EkJhInc1W903eV4QRItpDjIIAcwDIlaUGcRPcvvk9QIis:pEkJhuyW+eGQRg9jocBGcVh

Targets

    • Score

      7/10

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.