General

  • Target

    Celex_v2.exe

  • Size

    548KB

  • Sample

    240507-t6md9shd63

  • MD5

    fe1614a84d31169e4143df54eab8b176

  • SHA1

    3adb1eff94b0844ae84432298123efafb38d97db

  • SHA256

    d06cb1aa1bb5af0339f102a4820a365fdbe0dece9725e3768c24a92672eaae40

  • SHA512

    dadb24b0755696f86b235a06c1b113332c9bd2c4750ea73a802d11bbf5054592afd24d20590904ebf5b0a8b0c6b9a00bd7c775ad7b92f17375f4a4df39689e49

  • SSDEEP

    12288:MH9GgqEyGocGjPrW/XbQapF8fK4K3FDRlSU3zf90v:MHogRy9cGe/XZpaCxCazf

Score
10/10

Malware Config

Targets

    • Target

      Celex_v2.exe

    • Size

      548KB

    • MD5

      fe1614a84d31169e4143df54eab8b176

    • SHA1

      3adb1eff94b0844ae84432298123efafb38d97db

    • SHA256

      d06cb1aa1bb5af0339f102a4820a365fdbe0dece9725e3768c24a92672eaae40

    • SHA512

      dadb24b0755696f86b235a06c1b113332c9bd2c4750ea73a802d11bbf5054592afd24d20590904ebf5b0a8b0c6b9a00bd7c775ad7b92f17375f4a4df39689e49

    • SSDEEP

      12288:MH9GgqEyGocGjPrW/XbQapF8fK4K3FDRlSU3zf90v:MHogRy9cGe/XZpaCxCazf

    Score
    10/10
    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Sets service image path in registry

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks