dd98100e3311787bf2f815552c9ac348c0d903849fba025eda2c5a0deec95902

Sharing

Copy URL

Twitter E-mail

General

Target

Debug.zip
Size

25.6MB
Sample

240515-yehn8agh62
MD5

e1771579691287180aad10b698b8679d
SHA1

a2af08015a3b6827dfda96a664986650eaa13feb
SHA256

dd98100e3311787bf2f815552c9ac348c0d903849fba025eda2c5a0deec95902
SHA512

cf419f9fe5d0e17d08ad6eab08726fa1d5889d411a25199b4cef58d6b05adea217737291856f37df8f075867ea2dee7267e17e4bc5ed2f0d62c4baadb0b4483d
SSDEEP

786432:rxLROZXdpch44EfYbQkbC1V+iU9nO8gQzuc:JRoXdGyfY5NRdgQz5

Score

8^/10

Malware Config

Targets

- Target
  
  Debug/CeleryAPI.dll
- Size
  
  21KB
- MD5
  
  99a217bdc8c685c3b0a319d9ea8a14db
- SHA1
  
  4033ddd18b8050575fdc6c59476469e681c6a5d2
- SHA256
  
  77d28d642ae0933ae522351fdb0b610045bbbf7911cfc8d8febbdea981a4ca19
- SHA512
  
  2675b79714d748339bc041508c4ace30ea5a19e931f1b85ca3010e2642e3859c5089763a54346d02da7788b8daa3500664b3e471be63c5c6282e242272a8bdf5
- SSDEEP
  
  384:V5hMn/3zqAaomvdkf0azg5mnUXHU6BV7rFY+EJs325Kc:I/zBCClNUX0e7Z835n
Score

1^/10
behavioral1
- Target
  
  Debug/FastColoredTextBox.dll
- Size
  
  323KB
- MD5
  
  8610f4d3cdc6cc50022feddced9fdaeb
- SHA1
  
  4b60b87fd696b02d7fce38325c7adfc9e806f650
- SHA256
  
  ac926c92ccfc3789a5ae571cc4415eb1897d500a79604d8495241c19acdf01b9
- SHA512
  
  693d1af1f89470eab659b4747fe344836affa0af8485b0c0635e2519815e5a498f4618ea08db9dcf421aac1069a04616046207ee05b9ed66c0a1c4a8f0bddd09
- SSDEEP
  
  6144:0R0J4lx4/7BA4xvNdcwCOg04j0y5mwZkdmsqmLDi5eNH+Dl1SIP0:0R0J48lAovNd7CO34D4b4eNO
Score

1^/10
behavioral2
- Target
  
  Debug/Newtonsoft.Json.dll
- Size
  
  685KB
- MD5
  
  081d9558bbb7adce142da153b2d5577a
- SHA1
  
  7d0ad03fbda1c24f883116b940717e596073ae96
- SHA256
  
  b624949df8b0e3a6153fdfb730a7c6f4990b6592ee0d922e1788433d276610f3
- SHA512
  
  2fdf035661f349206f58ea1feed8805b7f9517a21f9c113e7301c69de160f184c774350a12a710046e3ff6baa37345d319b6f47fd24fbba4e042d54014bee511
- SSDEEP
  
  12288:U9BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc3Q5:U8m657w6ZBLmkitKqBCjC0PDgM5A5
Score

1^/10
behavioral3
- Target
  
  Debug/WeAreDevs_API.dll
- Size
  
  607KB
- MD5
  
  ea1ad1e19e81df5cfcb4207563896153
- SHA1
  
  d0391630a4d1eab58b59b62062413fd9a6d70461
- SHA256
  
  ba4ede69fef9675f0c8dd546cf41d0c529fa2bd75965d6964709f20ae3681109
- SHA512
  
  a9b65263739bb794f7d54db06ffbb1c42eeac367b252b820e2e93313e328592652890fa3c6e3ea5d04fa193854c87b499cb07e9b7afc1627de27b27d1cec8471
- SSDEEP
  
  12288:XURkGrbk/x95DR7XZdfrXg+JwuKt/S/60pR5kjo5Bda7EptO:XIkyk/x9L7Xfw+Jwz/S/69k5BkApt
Score

1^/10
behavioral4
- Target
  
  Debug/Z3USExecutor.exe
- Size
  
  38KB
- MD5
  
  ddda400d62dc821bf59f0cb131ef2ef8
- SHA1
  
  1478e4a92c79a1e82b8b836ad041562c9d4f472f
- SHA256
  
  934426b127d021131fe551c3c276d162bcc4d9a4f4c47b09b63ce249bd2c4fef
- SHA512
  
  f42ee72adea8ffb3559afeadb582830ba8e58a839adfaa0c617cf1acae9ff276ce48e9ae0bc7aeb3f8d995cd53ccfeb93378b3d034119034324ac428bfb00d6b
- SSDEEP
  
  768:EU/KM0Esg+UASJidX6GXEwkWAMQQzsXEwkWAA:h/HsPUfJidX6GXEbWAwsXEbWAA
Score

1^/10
behavioral5
- Target
  
  Debug/bin/CeleryIn.bin
- Size
  
  44KB
- MD5
  
  25f3c6098361faa4454bbe0906dad240
- SHA1
  
  94c464c4c0f6a857512aed18cb66ea0a8a8dcac3
- SHA256
  
  f3724814aa158fd0841c066b86abb35d21624fcfff0552f2f1156824707be5ba
- SHA512
  
  30ab91ce3990e5cb90ea465df488cc1b9a3f631598d21df06d526bff9e4a5e55f76de4f19735dcd469c3997807be6dea9951521cfc7e7a9662bc63c6f77392f8
- SSDEEP
  
  384:DOLN/3yg6q0MEe7Tl8ckOUMnuFqlHGoMEpdh3q3DrZrxVsrQo9962B6woQXXvhK:DgaSX6cklFaGmSrZVUs2Okf
Score

1^/10
behavioral6
- Target
  
  Debug/bin/CeleryInjector.exe
- Size
  
  3.1MB
- MD5
  
  eb1f95642914c54314ba72ffcbc79caa
- SHA1
  
  77c254bf9d968fc30da4a090b11b077d4ef4ff8c
- SHA256
  
  657ad03d414e5b29c793d28a23e0bf0306cffe987caa19627fb420af4fa1471b
- SHA512
  
  7c2fa06700b94bccad2707e0224a87954a416b7564a6e6822cb07ccd549202dbd2556cf80c7c92bd9c905c5e1a095de1c3f6343cc3a33b6895c95375ded70389
- SSDEEP
  
  24576:VFvKJxoSmOrOcEOIwKTFZ/duJa3hE+c8/LRHpDGjP8YcR+9p3fWdsI/DOGNAaATt:fvK8OrX2Ea3IsDGjP8lRAp3fA/K2
Score

1^/10
behavioral7
- Target
  
  Debug/main.exe
- Size
  
  54.0MB
- MD5
  
  d453823128c1838b39f5f12970415f51
- SHA1
  
  a341e0492587cc56e0acd418e468748b3890e1c8
- SHA256
  
  df12586c4ee3135acc9987358b8fab58ebdf44b8f16d212dcd33c4c0e6e52ba6
- SHA512
  
  f3ab392e87766e1ff7b101024661739e8a9006ec2dd43eee9a73e2c8cc259c92f9bbf976c36323fcd5b19ddf5672c2af400e8a20eead40963d099b5ebb84ef10
- SSDEEP
  
  393216:Oh9Sgmr3h2Jp5MLurEUWjZEnBSVkRIrY87PoxiXeo61JRTJ+kpZTujKQKC9vVBO:o9KrhpdbwzcY87PCiO11LTdjKjKQKCT
Score

8^/10

execution spyware stealer upx
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral8
- Target
  
  Debug/runme.bat
- Size
  
  88B
- MD5
  
  e142cf3e2623bebd2aaf5041acf658cd
- SHA1
  
  fadcdd610b7805101ab2aa60b7a56fae4bae6c76
- SHA256
  
  a8570d58d87c7e293cb45b401b06637cca30a44f5056726d16f83a104ba70722
- SHA512
  
  865f620ea9388521f5566e253f6c735b8bcd0d24a04de20f70d8768199ee901474adaa33fb97ae5e7b19693d7ceed3d1df6b418554be8e26b517a0541b65f577
Score

8^/10

execution upx
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Drops startup file
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Command and Scripting Interpreter: PowerShell

Drops startup file

Loads dropped DLL

Reads user/profile data of web browsers

UPX packed file

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Command and Scripting Interpreter: PowerShell

Drops startup file

Loads dropped DLL

UPX packed file

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9