General

  • Target

    celex.zip

  • Size

    644KB

  • Sample

    240507-bg8xvsbe7x

  • MD5

    ba9b26dd146c97220dd13770bb29ecf0

  • SHA1

    da0694215423d103512f45856fccc742e48951f2

  • SHA256

    bd1077abb660d881bcd6d67997500ba2711898dd32c65d110d433876f42c7562

  • SHA512

    3e7f75ae38e388374ccd2dd251a5c5443ebf90cf34dcd49580f5532d89e8315106c17f4de79298eb2983a36aed35f186d23aad434c113a029ca1381295e13039

  • SSDEEP

    12288:U0pT6kb1AvPO+U3KpUOUT6eLCaj1Sz0bTIQ+ceZiSl+XQS8r:U6T6kbsGK67T6eLBGlcegm+gS4

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1157539550202175508/bMQmprnNW_YWr8QpVQ5zMXdWzlm3rfBo94XzDEmBz73xfPgW9fNPx7PlsrG8XSq9bHed

Targets

    • Target

      celex/celex.dll

    • Size

      1.1MB

    • MD5

      d91f8a8d5c8559744464d1109225b505

    • SHA1

      6a8507f3fce19ef0aabe3c5919bd3670134b3f4f

    • SHA256

      49e2d50afd26e329be5fe0b6b56c2f499aa67c7ff3c6e07594f03490a44a3685

    • SHA512

      87e4ce1fa50abd01c497c499c876e45fbd5b8f6577cb994e0f3154893b8c2d0ef306b434ca430ef68bab8c2cf7477152ecaf4f4e546dd0bfbc9f992a66b17b5d

    • SSDEEP

      24576:v5HGqEFgz/4cWN2hkvqWYWIPBK6DytDlrIAyqntGDojy:v5mq3zg/NQkjYWsYjntgx

    • Score

      1/10

    • Target

      celex/celex.exe

    • Size

      232KB

    • MD5

      c1e78a3d9c64ee73677e72545163c126

    • SHA1

      28a33f173005ec78dc14c67d5b5761f4405243be

    • SHA256

      9c6a028c15964ab83a35637a55e9738eec342d67f16c7c0d347b31f259e28629

    • SHA512

      a8e666fd43d72801db460ecced8ae5217442919b9b1b50b0efdaa5db1b3950dab5d20e6b6567d3463c0808b1b73d6bd40310a6e637a3b8de66b677bcb9ad01ad

    • SSDEEP

      6144:rloZMLrIkd8g+EtXHkv/iD4ThFphv0IHg2PxM4dy+b8e1magci:poZ0L+EP8ThFphv0IHg2PxM4dpu1

    • Detect Umbral payload

    • Umbral

      Umbral stealer is an open-source modular stealer written in C#.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Drops file in Drivers directory

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks