3d7baa7abcea273272972b5fd43a9dfa664052a81200e593cc6a5d9dc5d61f29 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

celexloader.exe

windows7-x64

7

celexloader.exe

windows10-2004-x64

7

Sharing

General

Target

celexloader.exe
Size

20.3MB
Sample

240505-serdgadd4v
MD5

f9fcee41e19b5c2adbdc2e697a0d2fc4
SHA1

265d8835c00e6436fd694c21bb01d2563639da02
SHA256

3d7baa7abcea273272972b5fd43a9dfa664052a81200e593cc6a5d9dc5d61f29
SHA512

4253d98c5f3f61db5cea6a09c00ecddb668a60635f13bfc233347d7666a1e0cbeafbdc180d763e0bd4cfc0aaacba27fa224107e2265336e119a0d425181fec6c
SSDEEP

393216:WEkZQtsut4P8AxYDX1+TtIiFqCuARuAQsFXmbBrk4jZ60bTM31vnC:WhQtsczX71QtI1CuAgs8BA4V3bTm1vC

Score

7^/10

pyinstaller spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

celexloader.exe

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

celexloader.exe

Resource

win10v2004-20240419-en

spyware stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  celexloader.exe
- Size
  
  20.3MB
- MD5
  
  f9fcee41e19b5c2adbdc2e697a0d2fc4
- SHA1
  
  265d8835c00e6436fd694c21bb01d2563639da02
- SHA256
  
  3d7baa7abcea273272972b5fd43a9dfa664052a81200e593cc6a5d9dc5d61f29
- SHA512
  
  4253d98c5f3f61db5cea6a09c00ecddb668a60635f13bfc233347d7666a1e0cbeafbdc180d763e0bd4cfc0aaacba27fa224107e2265336e119a0d425181fec6c
- SSDEEP
  
  393216:WEkZQtsut4P8AxYDX1+TtIiFqCuARuAQsFXmbBrk4jZ60bTM31vnC:WhQtsczX71QtI1CuAgs8BA4V3bTm1vC
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy