General

Target: CeleryInstaller.exe
Size: 10.1MB
Sample: 230612-3h3wsaeg2w
MD5: fd23d97b78d51034a86526de77ba47ca
SHA1: bb83b7a2c1c86a3af35e08423cd5baf5bfed501d
SHA256: 39bc9e4b9ceb41eac7d35106aadf27e6565157f7dc5a3e7bef7bf11bfd08e8ce
SHA512: 9fe77b20854f39a6c3d920d2de0597e18127adfff1dc9fa5adb33d137cc12253e84b8091cf3e3ebe31d153f7b4641371872e4b2dd6a84b947cc174ad896e9e92
SSDEEP: 98304:AoTazw5obx71Iowg4i/bFqYTpGnVvd+0:bTazwIx71IowgTbFqepGV1+0
Static task: static1
Behavioral task: behavioral1
Sample: CeleryInstaller.exe
Resource: win10-20230220-es
Malware Config

Extracted from: C:\Users\Admin\Downloads\@Please_Read_Me@.txt
Family: wannacry
Bitcoin address: 12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw
Targets

Target: CeleryInstaller.exe
- Downloads MZ/PE file
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Sets desktop wallpaper using registry