General
Target
Celesty.zip
Size
58KB
Sample
240224-ptscjace31
MD5
fedc3a27375f81cd890d658678e07058
SHA1
b08bf3e9df71d4b8c1f37843a122a205b16c52f5
SHA256
e2098968949c37b9ccdfe772dd68325316720840fc6c9e7b014fbf2ba51c7425
SHA512
dfabe2fcd27f091dccc9336d5e2a9ff587385332fce2e5244aa2f7dbe65f79f7d8007ee5bbfeca4948ef4e57200f3855b0d7f758774bc80d02abbd6585081344
SSDEEP
1536:v8PXjrrvnnB+F5bpYlm6VZMXErniTsVIkjgLpau5dt:czfq5bpYl7/MXETLgLpau5dt
Behavioral task
behavioral1
Sample
Celesty/Celesty Binder v1 0 .exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
Celesty/Celesty Binder v1 0 .exe
Resource
win10v2004-20240221-en
Malware Config
Extracted
warzonerat
su8z3r0.myvnc.com:9876
Targets
Target
Celesty/Celesty Binder v1 0 .exe
Size
94KB
MD5
48b8111a615d7c128bdbee812e202485
SHA1
18609579af28054974db5bb2ce48e931f662eb91
SHA256
7e6770f76a63eb2ab3cc1bdf182f051a17e906d26edb1a4749bb229d49d22711
SHA512
d6386be8e1958c6a8d7a000f19d3eec5a706e35137eed38e064a5e16b0036a6a4a948ff8495b25c44acd4d571dac8eea08405d68e0d592d128cefdbffe7ce183
SSDEEP
1536:yM0uLSeZI5SnSaYXg3zD0aU9HsFRWol0zBTQ:7bmB5SdHMMFRNl0z
Score
10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT payload
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application