General

  • Target

    celexloader.exe

  • Size

    20.3MB

  • Sample

    240505-serdgadd4v

  • MD5

    f9fcee41e19b5c2adbdc2e697a0d2fc4

  • SHA1

    265d8835c00e6436fd694c21bb01d2563639da02

  • SHA256

    3d7baa7abcea273272972b5fd43a9dfa664052a81200e593cc6a5d9dc5d61f29

  • SHA512

    4253d98c5f3f61db5cea6a09c00ecddb668a60635f13bfc233347d7666a1e0cbeafbdc180d763e0bd4cfc0aaacba27fa224107e2265336e119a0d425181fec6c

  • SSDEEP

    393216:WEkZQtsut4P8AxYDX1+TtIiFqCuARuAQsFXmbBrk4jZ60bTM31vnC:WhQtsczX71QtI1CuAgs8BA4V3bTm1vC

Malware Config

Targets

    • Target

      celexloader.exe

    • Score

      7/10

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks