General
Target: Celery.rar
Size: 10.0MB
Sample: 240418-twdz5she52
MD5: 73faee0a21e60120a2b839cc35c29263
SHA1: b12d8ae01e6e031dc2a7e740dfc66e4622ba0345
SHA256: 9e8a95a7453aae2e6ba52928cf4daf92957c7c85d3f256302182c37749e131e2
SHA512: dcc06d97cabe304af934e697930ebae22d10f358e496f5a5b58924cef7fca4973c17b46440672120f5a47e915e3e45e6914d9ffbf5a2a75f88b0b464ed1a77f7
SSDEEP: 196608:j/6R3rd4ewR5Ilnucyvsdg/KsjmIA1dO1zi8B2/HsIVtjcZa0Ji3O:Do3rz6KubUsKEFA1Mzi8B2/HsOtjN4i+
Behavioral task: behavioral1
Sample: Celery/Celery Launcher.exe
Resource: win7-20240215-en

Behavioral task: behavioral2
Sample: Celery/Celery Launcher.exe
Resource: win10v2004-20240226-en
Malware Config
Targets
Target: Celery/Celery Launcher.exe
Size: 287.0MB
MD5: feaef80a175e24dbf45cb0f3561f4891
SHA1: dd8652d5623aec0e0de66f50df8d75c3cb54e050
SHA256: 6b5c7a2136f31631e64960abe17dea5a4eccf9f40943f0f492bc397c8189d5a3
SHA512: 218c01e342aead4a1094ee57344d29ecde0fbe8216d270ba376344790e0202eaea161be52e183c5442a45b55c657cf8340b6f027288ceaf790069f111994101d
SSDEEP: 49152:Ght9sTkCObgYD//RcCHEDIpPmChB2iqUL7h5IGn:Ght9bCOblJcqIIJtMq5H
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext