52b76346d02c11ce533e09dc8f5646f8e65b22b04e1298c3226c88a87f994489

Resubmissions

26-05-2024 13:42

240526-qz4s7age6w 8

Sharing

Copy URL

Twitter E-mail

General

Target

Celex-Crack-main.zip
Size

7.8MB
Sample

240526-qz4s7age6w
MD5

471d86d2e84924c6a54755af340660d7
SHA1

e3925b9d43cc7490b716becd842858de44e95cd1
SHA256

52b76346d02c11ce533e09dc8f5646f8e65b22b04e1298c3226c88a87f994489
SHA512

4c1d058a52b51ca7c5892482861b25d50f4f850913680d4f59417e680d99d1de46b75b87a85105a1e662bedcafe830c01fa2503df3e2015ca9d706bcf4a11dbb
SSDEEP

196608:QhagIlkgDZNDVvtFHj8ZNW0ief6xSr8vaB2o:AIlkgDZNZlV8ZNyef6xSrKFo

Score

8^/10

Malware Config

Targets

- Target
  
  Celex-Crack-main.zip
- Size
  
  7.8MB
- MD5
  
  471d86d2e84924c6a54755af340660d7
- SHA1
  
  e3925b9d43cc7490b716becd842858de44e95cd1
- SHA256
  
  52b76346d02c11ce533e09dc8f5646f8e65b22b04e1298c3226c88a87f994489
- SHA512
  
  4c1d058a52b51ca7c5892482861b25d50f4f850913680d4f59417e680d99d1de46b75b87a85105a1e662bedcafe830c01fa2503df3e2015ca9d706bcf4a11dbb
- SSDEEP
  
  196608:QhagIlkgDZNDVvtFHj8ZNW0ief6xSr8vaB2o:AIlkgDZNZlV8ZNyef6xSrKFo
Score

1^/10
behavioral1 behavioral2
- Target
  
  Celex-Crack-main/Adobe_Premiere_Pro.exe
- Size
  
  7.9MB
- MD5
  
  afe4dadf636a6fa80f3741b5fa1016db
- SHA1
  
  645cf17883b7c6b03cfa802b4490c33111f25113
- SHA256
  
  1ac3aa61430be26964ecefb673cb580d3a97ef45ebc54670a7527e9a03759bdb
- SHA512
  
  9c1ec3a4d4a43ad052b2bf1e8d7c51e679f614e9cc48db02c75474704a47d26409093efdd31e0a0e70706c647635b2ad3e771ab761ad7be9d22eb569748afc9b
- SSDEEP
  
  196608:HM5Qsg5OQDbT/9bvLz3S1bA329OqtolYHCL:Ug5OQDbTlj3S1bO29OqtCjL
Score

8^/10

upx execution spyware stealer
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral3 behavioral4
- Target
  
  stub-o.pyc
- Size
  
  114KB
- MD5
  
  5a4a226dba4b705346900bc3e7640320
- SHA1
  
  decd95d4c419ecb4eb5ff48bfc0367cfa08f1e6d
- SHA256
  
  5716894da8af8ff97c3e09cf19dcaed63feb59914026c3fd89ced79ced83e2fa
- SHA512
  
  c8beed15a89fe061047251ede2c64b166a260d284788f970d508fbafd849f4493c06105392f9da96fbcd985edb2c98b0cff793a23d02f1254d8e59802748792f
- SSDEEP
  
  3072:UPUJVyUkznGFpktlgYCdDfh2aeJwomcjcfGU6S:U0obnGFCgRD52L1hYeU6S
Score

3^/10
behavioral5 behavioral6
- Target
  
  Celex-Crack-main/LICENSE.txt
- Size
  
  1KB
- MD5
  
  dfb1b490080d1aae0067e35550910c4d
- SHA1
  
  d88c7c5224c1139118602158ad1d0217210780b0
- SHA256
  
  147a3761456127bcb8ada2c34728a301d01acd316946aad7d605c3a9ce37e6f2
- SHA512
  
  fdc9ca8a46d62acb3f68d4800cb98198d4b740cd728fea2a2e74426f4e177605e0faa36c111ec8e84546728800f16ee056ea34f4c57ff5098b7c052d10cfa7d4
Score

1^/10
behavioral7 behavioral8
- Target
  
  Celex-Crack-main/README.md
- Size
  
  178B
- MD5
  
  7608ae808b7b4bef6b5b7968b06bf360
- SHA1
  
  7065483b6c1dfa40ed9253349ddfe87a31a1ceae
- SHA256
  
  784fe10d7980bf41c6a7ae39a6a8fd48cc0e79bf2363e659e1ecb55195af65b5
- SHA512
  
  e9d6e5f645fae9f4eca88c54c9713efbd697b77e002da38c79c2bc31be8ab42ce0c16b2bfd3d7a95c2acd8b15bc66949760cd7e66c27407e16d8ee7a670a6d31
Score

3^/10
behavioral10 behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Command and Scripting Interpreter: PowerShell

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

UPX packed file

Accesses cryptocurrency files/wallets, possible credential harvesting

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10