Overview
overview
10Static
static
10CelexCracked.rar
windows7-x64
3CelexCracked.rar
windows10-2004-x64
3CelexCrack...ed.exe
windows7-x64
7CelexCrack...ed.exe
windows10-2004-x64
9discord_to...er.pyc
windows7-x64
3discord_to...er.pyc
windows10-2004-x64
3get_cookies.pyc
windows7-x64
3get_cookies.pyc
windows10-2004-x64
3misc.pyc
windows7-x64
3misc.pyc
windows10-2004-x64
3passwords_grabber.pyc
windows7-x64
3passwords_grabber.pyc
windows10-2004-x64
3source_prepared.pyc
windows7-x64
3source_prepared.pyc
windows10-2004-x64
3CelexCrack...ol.txt
windows7-x64
1CelexCrack...ol.txt
windows10-2004-x64
1General
-
Target
CelexCracked.rar
-
Size
78.1MB
-
Sample
240705-dfmpcatbra
-
MD5
cbf4aebac3872bd49090b6eaf068278f
-
SHA1
432e83834f33d4cb57291ce1f36a318e1a9e1041
-
SHA256
59f1c83d17ea02c6c8d315617f5382c49c485a149df41843d19e1d4c02f7fcaa
-
SHA512
da4d106b0115e24d6957c90c73d799bdf452c694bed1e760a01b0706dfb78d5161b7826058f995cec639a41c46eb85c54017102d7b3e2b1f67427183eb3e7fa0
-
SSDEEP
1572864:g3jVGpeudTf+SSJQwf5bn29Z4AjSGKU19Wjww2xWY6fqPo+ztCXX1zrydn69tux:MjVGEuRf+fQwfwaESHcy2xWY6ooCet+h
Behavioral task
behavioral1
Sample
CelexCracked.rar
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
CelexCracked.rar
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
CelexCracked/CelexCracked.exe
Resource
win7-20240704-en
Behavioral task
behavioral4
Sample
CelexCracked/CelexCracked.exe
Resource
win10v2004-20240704-en
Behavioral task
behavioral5
Sample
discord_token_grabber.pyc
Resource
win7-20240508-en
Behavioral task
behavioral6
Sample
discord_token_grabber.pyc
Resource
win10v2004-20240704-en
Behavioral task
behavioral7
Sample
get_cookies.pyc
Resource
win7-20240220-en
Behavioral task
behavioral8
Sample
get_cookies.pyc
Resource
win10v2004-20240508-en
Behavioral task
behavioral9
Sample
misc.pyc
Resource
win7-20240704-en
Behavioral task
behavioral10
Sample
misc.pyc
Resource
win10v2004-20240704-en
Behavioral task
behavioral11
Sample
passwords_grabber.pyc
Resource
win7-20240704-en
Behavioral task
behavioral12
Sample
passwords_grabber.pyc
Resource
win10v2004-20240704-en
Behavioral task
behavioral13
Sample
source_prepared.pyc
Resource
win7-20240704-en
Behavioral task
behavioral14
Sample
source_prepared.pyc
Resource
win10v2004-20240704-en
Behavioral task
behavioral15
Sample
CelexCracked/cracked by Sol.txt
Resource
win7-20240704-en
Behavioral task
behavioral16
Sample
CelexCracked/cracked by Sol.txt
Resource
win10v2004-20240704-en
Malware Config
Targets
-
-
Target
CelexCracked.rar
-
Size
78.1MB
-
MD5
cbf4aebac3872bd49090b6eaf068278f
-
SHA1
432e83834f33d4cb57291ce1f36a318e1a9e1041
-
SHA256
59f1c83d17ea02c6c8d315617f5382c49c485a149df41843d19e1d4c02f7fcaa
-
SHA512
da4d106b0115e24d6957c90c73d799bdf452c694bed1e760a01b0706dfb78d5161b7826058f995cec639a41c46eb85c54017102d7b3e2b1f67427183eb3e7fa0
-
SSDEEP
1572864:g3jVGpeudTf+SSJQwf5bn29Z4AjSGKU19Wjww2xWY6fqPo+ztCXX1zrydn69tux:MjVGEuRf+fQwfwaESHcy2xWY6ooCet+h
Score3/10 -
-
-
Target
CelexCracked/CelexCracked.exe
-
Size
81.1MB
-
MD5
e2e6af6f6f3436fdf10412424be65157
-
SHA1
75f21276b035e86b9de02b444ab1f37faedd9dab
-
SHA256
dace392c74b011056f4e690925476706f0d37fd676f4f37886ec931d79ee84a9
-
SHA512
04e074d00805d5d5735fa388f53d1d7bdeb76dea2df955e99c1d72404836f41773a9ac4fbb10c2c0e25cd9999264418fed430cba1b5498d1b02ef80280d5c623
-
SSDEEP
1572864:bvxZQgl8ySk8IpG7V+VPhqHDE7jblgA7iYgj+h58sMw8Wunbd3RR:bvxZx7SkB05awHaeA15wZ
Score9/10-
Enumerates VirtualBox DLL files
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
-
-
Target
discord_token_grabber.pyc
-
Size
17KB
-
MD5
db40ce247b464d3ac0d15080f22ce442
-
SHA1
eb10f081e16c9566f1b487d39eda3fb8fa4b0de5
-
SHA256
74475975b9fc2e15a1432b8e4930b6a8a25dd63511bbc2628ae81483dd569046
-
SHA512
c614c93d3ad758bfe1155864328626b98900e95e06c504641f0286ee40e4e0e24eb4d83b06af576e7799d517aae8404f5c9acdc64315c594319c29e13a77b81e
-
SSDEEP
384:cGllyAavwW9FaOx817PPQviowoYbCj+MoGWTd0Da8:cIlytvN9oOx8JnQ6owoYOyMImDa8
Score3/10 -
-
-
Target
get_cookies.pyc
-
Size
10KB
-
MD5
ddc40a1cee51500039f5c98ef7b1d3c9
-
SHA1
1e65cf0d7acb74e429844d2ee5b2d39369d17750
-
SHA256
1201adef44d0ba8be86b7d4aa4e8f69f1f8f800522fa574291974a3b40250436
-
SHA512
c9a89f5fe6ef87d7d8ce63a59f87fd5684d91e5dccfda644d84a40d5316b85b9930e90f096f13e811f646da724bc267ac853c15e451a6888083d5ab0572f27db
-
SSDEEP
192:TzOCIeivQfUFPLqwOEVOFc1mNe47+S5zEzzzzz1zz+HoowAE:TzOUi4aFEe4KSPIAE
Score3/10 -
-
-
Target
misc.pyc
-
Size
5KB
-
MD5
fccbf8762a2d6e382b044d73c9969fbc
-
SHA1
9530b874a2fb37cef0bdbc13775d64400c6158b4
-
SHA256
bdadc8d5f54a135e4cad6dd398023cc5a8053619489b38d4b22e104215572f89
-
SHA512
359b92919a585e4191bceb029e05c9af95816fc023fd5d566d4a5d9fc88b216cace2fe54dacff65decb68d9ad724386467f367a4fadc68b648a44f5b14f84d20
-
SSDEEP
96:DSajAihmJG4n3B4SmSSSSlSSSShDwegPbbVxlj0oIHEDS5ejmw01k9Bddpq:eYAfn3ySmSSSSlSSSSeeOPVxx0oIHZeQ
Score3/10 -
-
-
Target
passwords_grabber.pyc
-
Size
8KB
-
MD5
1ca5633be35a5db415bc83be9852bf0e
-
SHA1
710a4da76579449bb0b45eecedd42aea82ba6b35
-
SHA256
07a93aa41dbdcd8962b2ad1fcbd7c1bf661130c1cf050a5a4ef6821d30893099
-
SHA512
9ac14821d21d9c7345b6cf51d9e1c31f908590fadca061ed4f5c50ea7cd28c92b169aa7985873876989e7108946090695a4c782d8251f5061d27cea7c2f35ccb
-
SSDEEP
192:+CE34EAL/GFf/PoXdLO23NsDmqFUhkxNivLI9dRvL:Y4EAL/AfsFO8NsxuOxNn
Score3/10 -
-
-
Target
source_prepared.pyc
-
Size
180KB
-
MD5
96fa06a3158c724d679bce6120d6bba9
-
SHA1
9a83a089b05933e154d75d9b6f613e413acb26b0
-
SHA256
266790e4221f2617a836529d3d2e2d554c41482651f617a761670784e9d3ea26
-
SHA512
dd15a1925ed5afa9121026c72cf9ed8059b5c4c785b55fa6997c7f037984ca31d83fe8bd04030fb37fbb4a1eb843fe56a7ec6e26183e795235bfe39c982308f3
-
SSDEEP
3072:SHyL76bA9KcGaoGjjE/ZoSdxZJEgMgdcnC2C8nW:T/6e+aoGXgoSjZJEgMgdcnPCz
Score3/10 -
-
-
Target
CelexCracked/cracked by Sol.txt
-
Size
28B
-
MD5
4aeb3df71e36445ee8da031f6e8319db
-
SHA1
bf3bf23f75da16947c65ed8a34d30ad5ff9c7d08
-
SHA256
3d0254f4879bc1d4a24be6dce47352a7215f716dde44ff5dd5da922610d7ef5c
-
SHA512
47f789c553c1e92d4c7e5ccb1aa5db69de522f39b484bc142147223354c107f77532364b629c8b54dec6aa4f43d502864be147efa1df1d4d1a2ce7f156f6559f
Score1/10 -
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Virtualization/Sandbox Evasion
1Hide Artifacts
2Hidden Files and Directories
2Modify Registry
1