General
Target: Celery.zip
Size: 17.7MB
Sample: 240428-vne3xace45
MD5: ebab6d8c1f5b0e050573ec0703438266
SHA1: a3029b01a075c714ed73af1752d481c1ac63c84c
SHA256: 12c168aed059a8a916b002d184c26825f4934f6e5d9f8cdd0a0ac46b8d3c85ba
SHA512: ad6dfa9cdfb70dfac457bb3bd51b0ac2f2bda23be97659870a5248f93718fcecc73e8597a23c8dddc0eb778965e4bf0431b563f5abc976aefa1a339e942e135d
SSDEEP: 393216:cwYtevhjwk+4HPAx6gfkXC6fT+op9coKmwJ8YshuR:cwCev2+Hi6gQqaOoKQYQuR
Behavioral tasks
behavioral1
  Sample: Celery/Celery Bootstrapper.exe
  Resource: win7-20240220-en
behavioral2
  Sample: Celery/Celery Bootstrapper.exe
  Resource: win10v2004-20240426-en
behavioral3
  Sample: cstealer.pyc
  Resource: win7-20240220-en
behavioral4
  Sample: cstealer.pyc
  Resource: win10v2004-20240419-en
Malware Config

Targets

Target: Celery/Celery Bootstrapper.exe
Size: 17.9MB
MD5: ee549f861f00948e1c7d27d90e4b1451
SHA1: 168333c44730a78364cf5a53e1e1aa4417015e95
SHA256: b8a94ec520ce7ff4f23827f1898317de865c8f3f8b46b955209b2295d071e48a
SHA512: 48e3fdaa3c3d8f2ebd3fa3f57d7c2c6dca51e6ec8e7692118604f2ba4d88d426e43d96059d8aff939cfd49a834b58223f50d110330578642c089736a2545f6ad
SSDEEP: 393216:UEklQR+Tfk9dM/ISpInEroXq14S2Mn8MKNLPnGuMsMbXu:U9Q4TfkT6ISKErUlqFeLPnWsku
Signatures:
- Drops startup file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.

Target: cstealer.pyc
Size: 39KB
MD5: 8c90ffe525d980a3115be90a6a275a2d
SHA1: 8bab4eec2c508a8735bb218affbf0e83f8bd9cb7
SHA256: 450a0bdf0c033773d23c4e163ce7022addd8a7650e14e8371d3c4b832ece2b79
SHA512: 29f5615b0eb37756b57052f9efa296d6543a654ebe84d88dd529df9c45358312edae916378b04a4852218fde7395141ba314c1aa408029edeea43f6af4a7586f
SSDEEP: 768:fu46JcMk17WnMGF+5JsylM3jprKBBbxoZUM4PqVfqrY9Wygqxie3HrKl4HYiBeHP:FgdkW0JsyC3F6OUM6qVirY9WygWiMujP
Score: 3/10