General

  • Target

    Celesty.zip

  • Size

    58KB

  • Sample

    240224-ptscjace31

  • MD5

    fedc3a27375f81cd890d658678e07058

  • SHA1

    b08bf3e9df71d4b8c1f37843a122a205b16c52f5

  • SHA256

    e2098968949c37b9ccdfe772dd68325316720840fc6c9e7b014fbf2ba51c7425

  • SHA512

    dfabe2fcd27f091dccc9336d5e2a9ff587385332fce2e5244aa2f7dbe65f79f7d8007ee5bbfeca4948ef4e57200f3855b0d7f758774bc80d02abbd6585081344

  • SSDEEP

    1536:v8PXjrrvnnB+F5bpYlm6VZMXErniTsVIkjgLpau5dt:czfq5bpYl7/MXETLgLpau5dt

Malware Config

Extracted

Family

warzonerat

C2

su8z3r0.myvnc.com:9876

Targets

    • Target

      Celesty/Celesty Binder v1 0 .exe

    • Size

      94KB

    • MD5

      48b8111a615d7c128bdbee812e202485

    • SHA1

      18609579af28054974db5bb2ce48e931f662eb91

    • SHA256

      7e6770f76a63eb2ab3cc1bdf182f051a17e906d26edb1a4749bb229d49d22711

    • SHA512

      d6386be8e1958c6a8d7a000f19d3eec5a706e35137eed38e064a5e16b0036a6a4a948ff8495b25c44acd4d571dac8eea08405d68e0d592d128cefdbffe7ce183

    • SSDEEP

      1536:yM0uLSeZI5SnSaYXg3zD0aU9HsFRWol0zBTQ:7bmB5SdHMMFRNl0z

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins, sold as malware-as-a-service (MaaS).

    • Warzone RAT payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks