General
Target: Celery.zip
Size: 12.1MB
Sample: 240430-qtg28shg33
MD5: 0eb92b71b07f0f5335bb7cac791dfbfa
SHA1: 952f119649d2dcb1d21b9d5b93a0ec83a643fb0b
SHA256: 33e0b1b407c8fc63c718216d34026c60f43dfe76bb04c380a63a585e7f92b228
SHA512: 674768880af0b2a34a135cbab0f6c978d91e72f66e7c121dcc18a28fdb055e6e35aec4ef809854a702eac3aa5f53eb7cd80342dab26f92c82303877b6d58ef4f
SSDEEP: 196608:nKaXzl19iVODuIpsIajbLlNEkLXOCfcwWNx1q1A3Y2EtrxZNbONaDCWNW+Lmu:KU9iVODuBIa/LlyELIW/bO7wLv
Behavioral task: behavioral1
Sample: Celery/Celery V1.exe
Resource: win10v2004-20240426-en
Malware Config

Targets
Target: Celery/Celery V1.exe
Size: 800.0MB
MD5: abdf485a5bc69f25b1874b5820cdc932
SHA1: 62a9f22f5dd232f9b75c8ca4fce4983c8c800aab
SHA256: 0748a1c46b6ff4d406b95cd07895e9cdc7721d2fb24d62ec10c4273258901765
SHA512: 066db062f466f0b593ccf539a4ccdb76b7202374e460d9bedad46c421d6aa3b83acba3dbfeef08682768de153f0d377d6478cc4bb16c989ee512fb58a0cddf28
SSDEEP: 24576:NXtOM33QyjO1IjZSKKBOJJK9UhKoZmM/geEpK7Twuj7zFQ76i:BpLjrjZZrKxoZjaw7T9j7q
- Detect ZGRat V1
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.