General

  • Target

    CelexV1.zip

  • Size

    20.2MB

  • Sample

    240312-wrag9shg49

  • MD5

    04797f35bb835a3b7a128fd1a9fb06b7

  • SHA1

    d12067e823ee8a8e86a798d05887cac22f49fbb7

  • SHA256

    dd480e8cfd2c686f6d59aea4aadb4ef5e78876caf456413c615d31099937ec5d

  • SHA512

    f084d0aa6de9c01386b5af93f201d95bd8c1cb243eb7d2a43c90322eacc9ae8afc86e6818ca1b1face4c440852b2137071d2bb7211240d62327d491314c58df1

  • SSDEEP

    393216:s+zg9o0dTQgzb/5ScG9CbHUKPGKwewmHYX2ROpxSdeX:s+go0dT7DZaIHz+yg2yx8y

Malware Config

Targets

    • Target

      Celex/Main/Celex.exe

    • Size

      20.4MB

    • MD5

      67a2e11dc4cf10a250eb50db784ea577

    • SHA1

      c04c51e6b72f7c681f34924599c81d270c37c183

    • SHA256

      ff9931e23999793819ba51c3e422a4aa7b840408e8dd30b1f7d5a59029090b5a

    • SHA512

      1be6cb58b901d7222fe7fbd98920ae20bde3503ea8f9672ed8e8bf961d41720b3149303c28c41770f5f896f872d416313c017c86e505d10881951828f942c724

    • SSDEEP

      393216:0EkZQtsuNPG7NmiZoW1+TtIiFA/IFc2raodOKx3YV7:0hQtsUKEAl1QtIP/IHGo4e3c

    • Score

      7/10

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks