General
-
Target
Celery Bootstrapper.exe
-
Size
204KB
-
Sample
240501-nbgmmsde4w
-
MD5
02b71a38b3d55018b7f5c316543d5a8f
-
SHA1
c214652b538e94b19204e83e54483d911921d72a
-
SHA256
9e37c85517f2475ecb79759df8a479ac1ca0c1dc788bd961e55001adf3ee4004
-
SHA512
489de9c196ddd4cc92b3e3d9d20945c74cf3d0839940d0a2db88ab32bddf55e822c53f2c98034698eff72a28cc0da8b35527a8e5f9c3995109f68f0e323473fd
-
SSDEEP
1536:f2WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+/PId+ovpfCfRRuaLgv+y1C3qzkn1:fZv5PDwbjNrmAE+HIMu2RuJGxB4RM
Behavioral task
behavioral1
Sample
Celery Bootstrapper.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
Celery Bootstrapper.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
discordrat
-
discord_token
MTE1NzU5MjUzOTQyODMwNzA2NA.Gco7Ft.BhtXaKRPsK-ZaaFbpomOTsGS41VToi1-dZqMqM
-
server_id
1165103369547939933
Targets
-
-
Target
Celery Bootstrapper.exe
-
Size
204KB
-
MD5
02b71a38b3d55018b7f5c316543d5a8f
-
SHA1
c214652b538e94b19204e83e54483d911921d72a
-
SHA256
9e37c85517f2475ecb79759df8a479ac1ca0c1dc788bd961e55001adf3ee4004
-
SHA512
489de9c196ddd4cc92b3e3d9d20945c74cf3d0839940d0a2db88ab32bddf55e822c53f2c98034698eff72a28cc0da8b35527a8e5f9c3995109f68f0e323473fd
-
SSDEEP
1536:f2WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+/PId+ovpfCfRRuaLgv+y1C3qzkn1:fZv5PDwbjNrmAE+HIMu2RuJGxB4RM
Score10/10-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Downloads MZ/PE file
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-