General
-
Target
celex.exe
-
Size
5.0MB
-
Sample
241123-wah33sypcv
-
MD5
e7ab71e0cedaf6425702fbb0ca384120
-
SHA1
c48fc88a2d450e7555326e4af55047971fa139a6
-
SHA256
23836bd1632860095a96b0ea89114ce74545ae0efcc75c56904cd42fc5a7c0ad
-
SHA512
6bc7255006680803cb669034729d27b9e9073688f70d325d43493f37c3b8c1ab6bb7fdcd99324d28d66161308483d0a592de4bb69a5d2c0da5b4db296450713c
-
SSDEEP
98304:UomKE8ZhL/axphPzgkVbzW4FAu4vnhnrSSfvNAEp04U7/ywK53:gKE8LL4p8u4vh+ENq4U7Vm
Malware Config
Targets
-
-
Target
celex.exe
-
Size
5.0MB
-
MD5
e7ab71e0cedaf6425702fbb0ca384120
-
SHA1
c48fc88a2d450e7555326e4af55047971fa139a6
-
SHA256
23836bd1632860095a96b0ea89114ce74545ae0efcc75c56904cd42fc5a7c0ad
-
SHA512
6bc7255006680803cb669034729d27b9e9073688f70d325d43493f37c3b8c1ab6bb7fdcd99324d28d66161308483d0a592de4bb69a5d2c0da5b4db296450713c
-
SSDEEP
98304:UomKE8ZhL/axphPzgkVbzW4FAu4vnhnrSSfvNAEp04U7/ywK53:gKE8LL4p8u4vh+ENq4U7Vm
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-