Overview

overview

10

Static

static

10

Celex.exe

windows7-x64

7

Celex.exe

windows10-2004-x64

9

discord_to...er.pyc

windows7-x64

3

discord_to...er.pyc

windows10-2004-x64

3

get_cookies.pyc

windows7-x64

3

get_cookies.pyc

windows10-2004-x64

3

misc.pyc

windows7-x64

3

misc.pyc

windows10-2004-x64

3

passwords_grabber.pyc

windows7-x64

3

passwords_grabber.pyc

windows10-2004-x64

3

source_prepared.pyc

windows7-x64

3

source_prepared.pyc

windows10-2004-x64

3

Resubmissions

19-04-2024 04:24

240419-e1tttshf8y 10

19-04-2024 04:20

240419-eygrgshe9s 10

19-04-2024 04:05

240419-eny8sagb93 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Celex.exe

  • Size

    21.4MB

  • Sample

    240419-eny8sagb93

  • MD5

    e2b29c99e4c748bc6f410c30b7e2401c

  • SHA1

    daec0a0361f168e05ead55eadfa41458042bf9a1

  • SHA256

    eb06b198bf42d7c35111dc76c27db1f77bfba7b034081183614f938d07d26269

  • SHA512

    d6c410af494d5da1cfd9a998d5e830d4779e987fcf63542e4036e1d1376f7c6b53268cb0e134846ca7c3ed6af111217c35ca17750cb77d203219a9b1d939c145

  • SSDEEP

    393216:5L9yy9lm6rQN+rrB+A/pWNuR8XuZEc2BsnJVeDBXW2DmG5kHTy:Z9Z9lQcrrB+A/pWNuZ4GJsBXTqz

Score
10/10
pysilonevasionpersistencepyinstallerupx

Malware Config

Targets

    • Target

      Celex.exe

    • Size

      21.4MB

    • MD5

      e2b29c99e4c748bc6f410c30b7e2401c

    • SHA1

      daec0a0361f168e05ead55eadfa41458042bf9a1

    • SHA256

      eb06b198bf42d7c35111dc76c27db1f77bfba7b034081183614f938d07d26269

    • SHA512

      d6c410af494d5da1cfd9a998d5e830d4779e987fcf63542e4036e1d1376f7c6b53268cb0e134846ca7c3ed6af111217c35ca17750cb77d203219a9b1d939c145

    • SSDEEP

      393216:5L9yy9lm6rQN+rrB+A/pWNuR8XuZEc2BsnJVeDBXW2DmG5kHTy:Z9Z9lQcrrB+A/pWNuZ4GJsBXTqz

    Score
    9/10
    upxevasionpersistence

    • Enumerates VirtualBox DLL files

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

    • Target

      discord_token_grabber.pyc

    • Size

      17KB

    • MD5

      db40ce247b464d3ac0d15080f22ce442

    • SHA1

      eb10f081e16c9566f1b487d39eda3fb8fa4b0de5

    • SHA256

      74475975b9fc2e15a1432b8e4930b6a8a25dd63511bbc2628ae81483dd569046

    • SHA512

      c614c93d3ad758bfe1155864328626b98900e95e06c504641f0286ee40e4e0e24eb4d83b06af576e7799d517aae8404f5c9acdc64315c594319c29e13a77b81e

    • SSDEEP

      384:cGllyAavwW9FaOx817PPQviowoYbCj+MoGWTd0Da8:cIlytvN9oOx8JnQ6owoYOyMImDa8

    Score
    3/10
    behavioral3behavioral4

    • Target

      get_cookies.pyc

    • Size

      10KB

    • MD5

      ddc40a1cee51500039f5c98ef7b1d3c9

    • SHA1

      1e65cf0d7acb74e429844d2ee5b2d39369d17750

    • SHA256

      1201adef44d0ba8be86b7d4aa4e8f69f1f8f800522fa574291974a3b40250436

    • SHA512

      c9a89f5fe6ef87d7d8ce63a59f87fd5684d91e5dccfda644d84a40d5316b85b9930e90f096f13e811f646da724bc267ac853c15e451a6888083d5ab0572f27db

    • SSDEEP

      192:TzOCIeivQfUFPLqwOEVOFc1mNe47+S5zEzzzzz1zz+HoowAE:TzOUi4aFEe4KSPIAE

    Score
    3/10
    behavioral5behavioral6

    • Target

      misc.pyc

    • Size

      5KB

    • MD5

      fccbf8762a2d6e382b044d73c9969fbc

    • SHA1

      9530b874a2fb37cef0bdbc13775d64400c6158b4

    • SHA256

      bdadc8d5f54a135e4cad6dd398023cc5a8053619489b38d4b22e104215572f89

    • SHA512

      359b92919a585e4191bceb029e05c9af95816fc023fd5d566d4a5d9fc88b216cace2fe54dacff65decb68d9ad724386467f367a4fadc68b648a44f5b14f84d20

    • SSDEEP

      96:DSajAihmJG4n3B4SmSSSSlSSSShDwegPbbVxlj0oIHEDS5ejmw01k9Bddpq:eYAfn3ySmSSSSlSSSSeeOPVxx0oIHZeQ

    Score
    3/10
    behavioral7behavioral8

    • Target

      passwords_grabber.pyc

    • Size

      8KB

    • MD5

      1ca5633be35a5db415bc83be9852bf0e

    • SHA1

      710a4da76579449bb0b45eecedd42aea82ba6b35

    • SHA256

      07a93aa41dbdcd8962b2ad1fcbd7c1bf661130c1cf050a5a4ef6821d30893099

    • SHA512

      9ac14821d21d9c7345b6cf51d9e1c31f908590fadca061ed4f5c50ea7cd28c92b169aa7985873876989e7108946090695a4c782d8251f5061d27cea7c2f35ccb

    • SSDEEP

      192:+CE34EAL/GFf/PoXdLO23NsDmqFUhkxNivLI9dRvL:Y4EAL/AfsFO8NsxuOxNn

    Score
    3/10
    behavioral10behavioral9

    • Target

      source_prepared.pyc

    • Size

      126KB

    • MD5

      7de4501b15027fd0ed3ec6da09398cdf

    • SHA1

      121e20aabafc32291fd47fb4501ead0a824bdb0a

    • SHA256

      b11e8b3883d7e90cdbe1f039a717bdfc070c59085b53afeae4e1d4febcabc310

    • SHA512

      13795df100515a37aee7b99d6edd4b92e40d6864980b8c170e202aa4d0853ae0fa4f830d939eba1d91bf96a345297980128063e1140c74ccb591eca28405ecc2

    • SSDEEP

      1536:SL79Ygi1Gfu8WoBQCtKwQe7zMiXtAgicy6VPIzllHUVbC8Ofi:SL79o1gufoltK+74cigicGybC8Oa

    Score
    3/10
    behavioral11behavioral12

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Hide Artifacts

2
T1564

Hidden Files and Directories

2
T1564.001

Modify Registry

1
T1112

Credential Access

Discovery

File and Directory Discovery

1
T1083

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

5
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Resource Development

Reconnaissance

Tasks