Overview
overview
10Static
static
10Celex.exe
windows7-x64
7Celex.exe
windows10-2004-x64
9discord_to...er.pyc
windows7-x64
3discord_to...er.pyc
windows10-2004-x64
3get_cookies.pyc
windows7-x64
3get_cookies.pyc
windows10-2004-x64
3misc.pyc
windows7-x64
3misc.pyc
windows10-2004-x64
3passwords_grabber.pyc
windows7-x64
3passwords_grabber.pyc
windows10-2004-x64
3source_prepared.pyc
windows7-x64
3source_prepared.pyc
windows10-2004-x64
3General
-
Target
Celex.exe
-
Size
21.4MB
-
Sample
240419-eny8sagb93
-
MD5
e2b29c99e4c748bc6f410c30b7e2401c
-
SHA1
daec0a0361f168e05ead55eadfa41458042bf9a1
-
SHA256
eb06b198bf42d7c35111dc76c27db1f77bfba7b034081183614f938d07d26269
-
SHA512
d6c410af494d5da1cfd9a998d5e830d4779e987fcf63542e4036e1d1376f7c6b53268cb0e134846ca7c3ed6af111217c35ca17750cb77d203219a9b1d939c145
-
SSDEEP
393216:5L9yy9lm6rQN+rrB+A/pWNuR8XuZEc2BsnJVeDBXW2DmG5kHTy:Z9Z9lQcrrB+A/pWNuZ4GJsBXTqz
Behavioral task
behavioral1
Sample
Celex.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
Celex.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral3
Sample
discord_token_grabber.pyc
Resource
win7-20240319-en
Behavioral task
behavioral4
Sample
discord_token_grabber.pyc
Resource
win10v2004-20240412-en
Behavioral task
behavioral5
Sample
get_cookies.pyc
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
get_cookies.pyc
Resource
win10v2004-20240412-en
Behavioral task
behavioral7
Sample
misc.pyc
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
misc.pyc
Resource
win10v2004-20240412-en
Behavioral task
behavioral9
Sample
passwords_grabber.pyc
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
passwords_grabber.pyc
Resource
win10v2004-20240412-en
Behavioral task
behavioral11
Sample
source_prepared.pyc
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
source_prepared.pyc
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
Celex.exe
-
Size
21.4MB
-
MD5
e2b29c99e4c748bc6f410c30b7e2401c
-
SHA1
daec0a0361f168e05ead55eadfa41458042bf9a1
-
SHA256
eb06b198bf42d7c35111dc76c27db1f77bfba7b034081183614f938d07d26269
-
SHA512
d6c410af494d5da1cfd9a998d5e830d4779e987fcf63542e4036e1d1376f7c6b53268cb0e134846ca7c3ed6af111217c35ca17750cb77d203219a9b1d939c145
-
SSDEEP
393216:5L9yy9lm6rQN+rrB+A/pWNuR8XuZEc2BsnJVeDBXW2DmG5kHTy:Z9Z9lQcrrB+A/pWNuZ4GJsBXTqz
Score9/10-
Enumerates VirtualBox DLL files
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
-
-
Target
discord_token_grabber.pyc
-
Size
17KB
-
MD5
db40ce247b464d3ac0d15080f22ce442
-
SHA1
eb10f081e16c9566f1b487d39eda3fb8fa4b0de5
-
SHA256
74475975b9fc2e15a1432b8e4930b6a8a25dd63511bbc2628ae81483dd569046
-
SHA512
c614c93d3ad758bfe1155864328626b98900e95e06c504641f0286ee40e4e0e24eb4d83b06af576e7799d517aae8404f5c9acdc64315c594319c29e13a77b81e
-
SSDEEP
384:cGllyAavwW9FaOx817PPQviowoYbCj+MoGWTd0Da8:cIlytvN9oOx8JnQ6owoYOyMImDa8
Score3/10 -
-
-
Target
get_cookies.pyc
-
Size
10KB
-
MD5
ddc40a1cee51500039f5c98ef7b1d3c9
-
SHA1
1e65cf0d7acb74e429844d2ee5b2d39369d17750
-
SHA256
1201adef44d0ba8be86b7d4aa4e8f69f1f8f800522fa574291974a3b40250436
-
SHA512
c9a89f5fe6ef87d7d8ce63a59f87fd5684d91e5dccfda644d84a40d5316b85b9930e90f096f13e811f646da724bc267ac853c15e451a6888083d5ab0572f27db
-
SSDEEP
192:TzOCIeivQfUFPLqwOEVOFc1mNe47+S5zEzzzzz1zz+HoowAE:TzOUi4aFEe4KSPIAE
Score3/10 -
-
-
Target
misc.pyc
-
Size
5KB
-
MD5
fccbf8762a2d6e382b044d73c9969fbc
-
SHA1
9530b874a2fb37cef0bdbc13775d64400c6158b4
-
SHA256
bdadc8d5f54a135e4cad6dd398023cc5a8053619489b38d4b22e104215572f89
-
SHA512
359b92919a585e4191bceb029e05c9af95816fc023fd5d566d4a5d9fc88b216cace2fe54dacff65decb68d9ad724386467f367a4fadc68b648a44f5b14f84d20
-
SSDEEP
96:DSajAihmJG4n3B4SmSSSSlSSSShDwegPbbVxlj0oIHEDS5ejmw01k9Bddpq:eYAfn3ySmSSSSlSSSSeeOPVxx0oIHZeQ
Score3/10 -
-
-
Target
passwords_grabber.pyc
-
Size
8KB
-
MD5
1ca5633be35a5db415bc83be9852bf0e
-
SHA1
710a4da76579449bb0b45eecedd42aea82ba6b35
-
SHA256
07a93aa41dbdcd8962b2ad1fcbd7c1bf661130c1cf050a5a4ef6821d30893099
-
SHA512
9ac14821d21d9c7345b6cf51d9e1c31f908590fadca061ed4f5c50ea7cd28c92b169aa7985873876989e7108946090695a4c782d8251f5061d27cea7c2f35ccb
-
SSDEEP
192:+CE34EAL/GFf/PoXdLO23NsDmqFUhkxNivLI9dRvL:Y4EAL/AfsFO8NsxuOxNn
Score3/10 -
-
-
Target
source_prepared.pyc
-
Size
126KB
-
MD5
7de4501b15027fd0ed3ec6da09398cdf
-
SHA1
121e20aabafc32291fd47fb4501ead0a824bdb0a
-
SHA256
b11e8b3883d7e90cdbe1f039a717bdfc070c59085b53afeae4e1d4febcabc310
-
SHA512
13795df100515a37aee7b99d6edd4b92e40d6864980b8c170e202aa4d0853ae0fa4f830d939eba1d91bf96a345297980128063e1140c74ccb591eca28405ecc2
-
SSDEEP
1536:SL79Ygi1Gfu8WoBQCtKwQe7zMiXtAgicy6VPIzllHUVbC8Ofi:SL79o1gufoltK+74cigicGybC8Oa
Score3/10 -
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Virtualization/Sandbox Evasion
1Hide Artifacts
2Hidden Files and Directories
2Modify Registry
1