Overview

overview

10

Static

static

10

Celex.exe

windows7-x64

Celex.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Celex.exe

  • Size

    37KB

  • Sample

    241202-sveplszlbv

  • MD5

    502c8a1e9ebf182539816cd73e6fb745

  • SHA1

    6d9b0ef9538c91b2546b6f07015769887a77b08b

  • SHA256

    1baf26fadab02970d6f09a9711944ed069d32577f1e0da07967e93f71bb7efb8

  • SHA512

    f197f8eb4bb4ddcd11221f066c367dcdf722e72b45efb1cbf80b5ba2db9a04a0d9d10e5a642eb879d1cc184476729765426c5dde9ff69066179a2bc8fe747ad0

  • SSDEEP

    384:StP97LsikX9zNf/1uyU7/I3/9sWAnurAF+rMRTyN/0L+EcoinblneHQM3epzXDJv:UPlil1lU7/I1dAurM+rMRa8NupJVt

Score
10/10
njrathackeddiscoveryevasionpersistenceprivilege_escalation

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

cnet-contracting.gl.at.ply.gg:10206

Mutex

75abea513d28c0a460d17926e773d91a

Attributes
  • reg_key

    75abea513d28c0a460d17926e773d91a

  • splitter

    |'|'|

Targets

    • Target

      Celex.exe

    • Size

      37KB

    • MD5

      502c8a1e9ebf182539816cd73e6fb745

    • SHA1

      6d9b0ef9538c91b2546b6f07015769887a77b08b

    • SHA256

      1baf26fadab02970d6f09a9711944ed069d32577f1e0da07967e93f71bb7efb8

    • SHA512

      f197f8eb4bb4ddcd11221f066c367dcdf722e72b45efb1cbf80b5ba2db9a04a0d9d10e5a642eb879d1cc184476729765426c5dde9ff69066179a2bc8fe747ad0

    • SSDEEP

      384:StP97LsikX9zNf/1uyU7/I3/9sWAnurAF+rMRTyN/0L+EcoinblneHQM3epzXDJv:UPlil1lU7/I1dAurM+rMRa8NupJVt

    Score
    8/10
    discoveryevasionpersistenceprivilege_escalation

    • Disables RegEdit via registry modification

      evasion

    • Disables Task Manager via registry modification

      evasion

    • Modifies Windows Firewall

      evasion
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks