General

- Target: celexloader.exe
- Size: 20.3MB
- Sample: 240505-serdgadd4v
- MD5: f9fcee41e19b5c2adbdc2e697a0d2fc4
- SHA1: 265d8835c00e6436fd694c21bb01d2563639da02
- SHA256: 3d7baa7abcea273272972b5fd43a9dfa664052a81200e593cc6a5d9dc5d61f29
- SHA512: 4253d98c5f3f61db5cea6a09c00ecddb668a60635f13bfc233347d7666a1e0cbeafbdc180d763e0bd4cfc0aaacba27fa224107e2265336e119a0d425181fec6c
- SSDEEP: 393216:WEkZQtsut4P8AxYDX1+TtIiFqCuARuAQsFXmbBrk4jZ60bTM31vnC:WhQtsczX71QtI1CuAgs8BA4V3bTm1vC
Behavioral task

- behavioral1
  - Sample: celexloader.exe
  - Resource: win7-20240221-en
Malware Config

Targets

- Target: celexloader.exe

Signatures

- Drops startup file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.