Overview

overview

7

Static

static

3

CelexV2.exe

windows10-1703-x64

7

CelexV2.exe

windows7-x64

7

CelexV2.exe

windows10-2004-x64

7

CelexV2.exe

windows11-21h2-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    CelexV2.exe

  • Size

    9.9MB

  • Sample

    240709-yrgbxssfpn

  • MD5

    dc8fa84f708a65dd2aa450a8b2c47a13

  • SHA1

    1632020b670e36d6b17c030796c6992d5841cbe1

  • SHA256

    1de3091a03c2257471d993468dce83884707f8aa7cafccec6e8d4794ed19fa64

  • SHA512

    6239edd353e5f93125ae9a7a2e9537ef64d784d53a450796f562cd4573060efd02a7126642a239b20caabf3253cc774ed5a2cf0e2f6d284c4244ebb9e1be7542

  • SSDEEP

    196608:3vEkh1kb5RYqQ1W903eV4QRM993iObMAR1jQmGYuuLmbrig91P+kl:/Ekh2FG1W+eGQRe93iObLRS/MLOriMnl

Score
7/10
pyinstallerspywarestealer

Malware Config

Targets

    • Target

      CelexV2.exe

    • Size

      9.9MB

    • MD5

      dc8fa84f708a65dd2aa450a8b2c47a13

    • SHA1

      1632020b670e36d6b17c030796c6992d5841cbe1

    • SHA256

      1de3091a03c2257471d993468dce83884707f8aa7cafccec6e8d4794ed19fa64

    • SHA512

      6239edd353e5f93125ae9a7a2e9537ef64d784d53a450796f562cd4573060efd02a7126642a239b20caabf3253cc774ed5a2cf0e2f6d284c4244ebb9e1be7542

    • SSDEEP

      196608:3vEkh1kb5RYqQ1W903eV4QRM993iObMAR1jQmGYuuLmbrig91P+kl:/Ekh2FG1W+eGQRe93iObLRS/MLOriMnl

    Score
    7/10
    spywarestealer

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks