12c168aed059a8a916b002d184c26825f4934f6e5d9f8cdd0a0ac46b8d3c85ba | Triage

Resubmissions

28-04-2024 17:10

240428-vp2nascg6x 7

28-04-2024 17:07

240428-vne3xace45 7

Sharing

General

Target

Celery.zip
Size

17.7MB
Sample

240428-vne3xace45
MD5

ebab6d8c1f5b0e050573ec0703438266
SHA1

a3029b01a075c714ed73af1752d481c1ac63c84c
SHA256

12c168aed059a8a916b002d184c26825f4934f6e5d9f8cdd0a0ac46b8d3c85ba
SHA512

ad6dfa9cdfb70dfac457bb3bd51b0ac2f2bda23be97659870a5248f93718fcecc73e8597a23c8dddc0eb778965e4bf0431b563f5abc976aefa1a339e942e135d
SSDEEP

393216:cwYtevhjwk+4HPAx6gfkXC6fT+op9coKmwJ8YshuR:cwCev2+Hi6gQqaOoKQYQuR

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  Celery/Celery Bootstrapper.exe
- Size
  
  17.9MB
- MD5
  
  ee549f861f00948e1c7d27d90e4b1451
- SHA1
  
  168333c44730a78364cf5a53e1e1aa4417015e95
- SHA256
  
  b8a94ec520ce7ff4f23827f1898317de865c8f3f8b46b955209b2295d071e48a
- SHA512
  
  48e3fdaa3c3d8f2ebd3fa3f57d7c2c6dca51e6ec8e7692118604f2ba4d88d426e43d96059d8aff939cfd49a834b58223f50d110330578642c089736a2545f6ad
- SSDEEP
  
  393216:UEklQR+Tfk9dM/ISpInEroXq14S2Mn8MKNLPnGuMsMbXu:U9Q4TfkT6ISKErUlqFeLPnWsku
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2
- Target
  
  cstealer.pyc
- Size
  
  39KB
- MD5
  
  8c90ffe525d980a3115be90a6a275a2d
- SHA1
  
  8bab4eec2c508a8735bb218affbf0e83f8bd9cb7
- SHA256
  
  450a0bdf0c033773d23c4e163ce7022addd8a7650e14e8371d3c4b832ece2b79
- SHA512
  
  29f5615b0eb37756b57052f9efa296d6543a654ebe84d88dd529df9c45358312edae916378b04a4852218fde7395141ba314c1aa408029edeea43f6af4a7586f
- SSDEEP
  
  768:fu46JcMk17WnMGF+5JsylM3jprKBBbxoZUM4PqVfqrY9Wygqxie3HrKl4HYiBeHP:FgdkW0JsyC3F6OUM6qVirY9WygWiMujP
Score

3^/10
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4