6e5e09d126acb34a42d2b2d93c4eb17d5e345f728e3ac50f49c22dcdd0c422bb | Triage

Sharing

General

Target

Celex_V2.exe
Size

16.2MB
Sample

240530-d9lddaeb74
MD5

b7125b693faf3d149ab860f35acfe143
SHA1

fff42312791361b96461a5966c88dbdb1af95384
SHA256

6e5e09d126acb34a42d2b2d93c4eb17d5e345f728e3ac50f49c22dcdd0c422bb
SHA512

7734db46ad1cd4114f4e9cea5fb6ed223cc359880f39d78b3ceeafcaa1f3beae8f73ca5c8a2cc0542d89aad670206e22875cc3741996dfe905cc9ac1d272d91c
SSDEEP

393216:1u7L/sQQ+qPJWQsUcR4NzEInEroXq14S2Mn8hPWih:1CL0QJqPYQFnErUlqcWi

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  Celex_V2.exe
- Size
  
  16.2MB
- MD5
  
  b7125b693faf3d149ab860f35acfe143
- SHA1
  
  fff42312791361b96461a5966c88dbdb1af95384
- SHA256
  
  6e5e09d126acb34a42d2b2d93c4eb17d5e345f728e3ac50f49c22dcdd0c422bb
- SHA512
  
  7734db46ad1cd4114f4e9cea5fb6ed223cc359880f39d78b3ceeafcaa1f3beae8f73ca5c8a2cc0542d89aad670206e22875cc3741996dfe905cc9ac1d272d91c
- SSDEEP
  
  393216:1u7L/sQQ+qPJWQsUcR4NzEInEroXq14S2Mn8hPWih:1CL0QJqPYQFnErUlqcWi
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1