Resubmissions

31-05-2024 09:17

240531-k9h2ksdc6y 10

31-05-2024 09:15

240531-k8bacadh97 10

General

  • Target: CelexRevamped.rar
  • Size: 5.8MB
  • Sample: 240531-k9h2ksdc6y
  • MD5: 3233fa80944fb96d51525f8e830fad52
  • SHA1: 2b691b28f97542ec49e2403ead8a8c7ba5a49f9c
  • SHA256: 1726b5a2c9462c1d2e2ea2f3a9dd2332e4f72dbeb0cbf1f30afc2ad0a3ef2f3a
  • SHA512: 505c34530c0a73cd03615492f0c2ea088a8d96bd944315aef16e77835b25e8a3ec97a7f33561acb7c3d5390bca63398a401d2e2ab09bc46dfe91e6a4a7d7436e
  • SSDEEP: 98304:+lDFux0ksnlfE/8BthRG9+JJlOiBObsu5O6lT9h5UuDQ5iYjw9suvdEw:0DFuxlsntttu9/YOIQ9h5UfsYMxvdEw

Malware Config

Targets

    • Target: CelexRevamped.rar
    • Size: 5.8MB
    • MD5: 3233fa80944fb96d51525f8e830fad52
    • SHA1: 2b691b28f97542ec49e2403ead8a8c7ba5a49f9c
    • SHA256: 1726b5a2c9462c1d2e2ea2f3a9dd2332e4f72dbeb0cbf1f30afc2ad0a3ef2f3a
    • SHA512: 505c34530c0a73cd03615492f0c2ea088a8d96bd944315aef16e77835b25e8a3ec97a7f33561acb7c3d5390bca63398a401d2e2ab09bc46dfe91e6a4a7d7436e
    • SSDEEP: 98304:+lDFux0ksnlfE/8BthRG9+JJlOiBObsu5O6lT9h5UuDQ5iYjw9suvdEw:0DFuxlsntttu9/YOIQ9h5UfsYMxvdEw

    Score: 3/10

    • Target: CelexRevamped1.2/CELEX/cheeto.exe
    • Size: 6.0MB
    • MD5: a32eec348823d1a8ca4d347a3a3396e5
    • SHA1: baa754deda31198fd6a189674edd63230322c7ba
    • SHA256: 46dd5e44c1dbf7a0fa1eed66990741b539c1cd6cb1ff3619d1d4a75068d159c7
    • SHA512: 37650946c296a365422b3c76b573a0d6c62337762049b3377fe314ff1db4626b91a7622f3088a3db359b63165758524ace1647cfb48c90b3e5d4aa2cb9507b8f
    • SSDEEP: 98304:ZrA4EtdFByHamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4RJBMnH3ScU:ZrA/FMqeN/FJMIDJf0gsAGK4RJunVU

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • UPX packed file

      Detects executables packed with UPX or a modified UPX open-source packer.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks