General
Target: CelexRevamped.rar
Size: 5.8MB
Sample: 240531-k9h2ksdc6y
MD5: 3233fa80944fb96d51525f8e830fad52
SHA1: 2b691b28f97542ec49e2403ead8a8c7ba5a49f9c
SHA256: 1726b5a2c9462c1d2e2ea2f3a9dd2332e4f72dbeb0cbf1f30afc2ad0a3ef2f3a
SHA512: 505c34530c0a73cd03615492f0c2ea088a8d96bd944315aef16e77835b25e8a3ec97a7f33561acb7c3d5390bca63398a401d2e2ab09bc46dfe91e6a4a7d7436e
SSDEEP: 98304:+lDFux0ksnlfE/8BthRG9+JJlOiBObsu5O6lT9h5UuDQ5iYjw9suvdEw:0DFuxlsntttu9/YOIQ9h5UfsYMxvdEw
Behavioral tasks
behavioral1: Sample CelexRevamped.rar, Resource win7-20231129-en
behavioral2: Sample CelexRevamped.rar, Resource win10v2004-20240426-en
behavioral3: Sample CelexRevamped1.2/CELEX/cheeto.exe, Resource win7-20240221-en
Malware Config

Targets

Target: CelexRevamped.rar
Size: 5.8MB
MD5: 3233fa80944fb96d51525f8e830fad52
SHA1: 2b691b28f97542ec49e2403ead8a8c7ba5a49f9c
SHA256: 1726b5a2c9462c1d2e2ea2f3a9dd2332e4f72dbeb0cbf1f30afc2ad0a3ef2f3a
SHA512: 505c34530c0a73cd03615492f0c2ea088a8d96bd944315aef16e77835b25e8a3ec97a7f33561acb7c3d5390bca63398a401d2e2ab09bc46dfe91e6a4a7d7436e
SSDEEP: 98304:+lDFux0ksnlfE/8BthRG9+JJlOiBObsu5O6lT9h5UuDQ5iYjw9suvdEw:0DFuxlsntttu9/YOIQ9h5UfsYMxvdEw
Score: 3/10
Target: CelexRevamped1.2/CELEX/cheeto.exe
Size: 6.0MB
MD5: a32eec348823d1a8ca4d347a3a3396e5
SHA1: baa754deda31198fd6a189674edd63230322c7ba
SHA256: 46dd5e44c1dbf7a0fa1eed66990741b539c1cd6cb1ff3619d1d4a75068d159c7
SHA512: 37650946c296a365422b3c76b573a0d6c62337762049b3377fe314ff1db4626b91a7622f3088a3db359b63165758524ace1647cfb48c90b3e5d4aa2cb9507b8f
SSDEEP: 98304:ZrA4EtdFByHamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4RJBMnH3ScU:ZrA/FMqeN/FJMIDJf0gsAGK4RJunVU

Signatures:
- Command and Scripting Interpreter: PowerShell. Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service. Uses a legitimate IP lookup service to find the infected system's external IP.