Tasks

Score  Task                   Platform
8      Static                 -
3      Debug/CeleryAPI.dll    windows10-2004-x64
1      Debug/Fast...ox.dll    windows10-2004-x64
1      Debug/Newt...on.dll    windows10-2004-x64
1      Debug/WeAr...PI.dll    windows10-2004-x64
1      Debug/Z3US...or.exe    windows10-2004-x64
1      Debug/bin/...In.dll    windows10-2004-x64
1      Debug/bin/...or.exe    windows10-2004-x64
1      Debug/main.exe         windows10-2004-x64
8      Debug/runme.bat        windows10-2004-x64
General

Score: 8/10
Target: Debug.zip
Size: 25.6MB
Sample: 240515-yehn8agh62
MD5: e1771579691287180aad10b698b8679d
SHA1: a2af08015a3b6827dfda96a664986650eaa13feb
SHA256: dd98100e3311787bf2f815552c9ac348c0d903849fba025eda2c5a0deec95902
SHA512: cf419f9fe5d0e17d08ad6eab08726fa1d5889d411a25199b4cef58d6b05adea217737291856f37df8f075867ea2dee7267e17e4bc5ed2f0d62c4baadb0b4483d
SSDEEP: 786432:rxLROZXdpch44EfYbQkbC1V+iU9nO8gQzuc:JRoXdGyfY5NRdgQz5
Behavioral tasks

Task         Sample                        Resource
behavioral1  Debug/CeleryAPI.dll           win10v2004-20240508-en
behavioral2  Debug/FastColoredTextBox.dll  win10v2004-20240426-en
behavioral3  Debug/Newtonsoft.Json.dll     win10v2004-20240508-en
behavioral4  Debug/WeAreDevs_API.dll       win10v2004-20240508-en
behavioral5  Debug/Z3USExecutor.exe        win10v2004-20240508-en
behavioral6  Debug/bin/CeleryIn.dll        win10v2004-20240508-en
behavioral7  Debug/bin/CeleryInjector.exe  win10v2004-20240426-en
behavioral8  Debug/main.exe                win10v2004-20240508-en
Malware Config

Targets

Target: Debug/CeleryAPI.dll
Size: 21KB
MD5: 99a217bdc8c685c3b0a319d9ea8a14db
SHA1: 4033ddd18b8050575fdc6c59476469e681c6a5d2
SHA256: 77d28d642ae0933ae522351fdb0b610045bbbf7911cfc8d8febbdea981a4ca19
SHA512: 2675b79714d748339bc041508c4ace30ea5a19e931f1b85ca3010e2642e3859c5089763a54346d02da7788b8daa3500664b3e471be63c5c6282e242272a8bdf5
SSDEEP: 384:V5hMn/3zqAaomvdkf0azg5mnUXHU6BV7rFY+EJs325Kc:I/zBCClNUX0e7Z835n
Score: 1/10

Target: Debug/FastColoredTextBox.dll
Size: 323KB
MD5: 8610f4d3cdc6cc50022feddced9fdaeb
SHA1: 4b60b87fd696b02d7fce38325c7adfc9e806f650
SHA256: ac926c92ccfc3789a5ae571cc4415eb1897d500a79604d8495241c19acdf01b9
SHA512: 693d1af1f89470eab659b4747fe344836affa0af8485b0c0635e2519815e5a498f4618ea08db9dcf421aac1069a04616046207ee05b9ed66c0a1c4a8f0bddd09
SSDEEP: 6144:0R0J4lx4/7BA4xvNdcwCOg04j0y5mwZkdmsqmLDi5eNH+Dl1SIP0:0R0J48lAovNd7CO34D4b4eNO
Score: 1/10

Target: Debug/Newtonsoft.Json.dll
Size: 685KB
MD5: 081d9558bbb7adce142da153b2d5577a
SHA1: 7d0ad03fbda1c24f883116b940717e596073ae96
SHA256: b624949df8b0e3a6153fdfb730a7c6f4990b6592ee0d922e1788433d276610f3
SHA512: 2fdf035661f349206f58ea1feed8805b7f9517a21f9c113e7301c69de160f184c774350a12a710046e3ff6baa37345d319b6f47fd24fbba4e042d54014bee511
SSDEEP: 12288:U9BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc3Q5:U8m657w6ZBLmkitKqBCjC0PDgM5A5
Score: 1/10

Target: Debug/WeAreDevs_API.dll
Size: 607KB
MD5: ea1ad1e19e81df5cfcb4207563896153
SHA1: d0391630a4d1eab58b59b62062413fd9a6d70461
SHA256: ba4ede69fef9675f0c8dd546cf41d0c529fa2bd75965d6964709f20ae3681109
SHA512: a9b65263739bb794f7d54db06ffbb1c42eeac367b252b820e2e93313e328592652890fa3c6e3ea5d04fa193854c87b499cb07e9b7afc1627de27b27d1cec8471
SSDEEP: 12288:XURkGrbk/x95DR7XZdfrXg+JwuKt/S/60pR5kjo5Bda7EptO:XIkyk/x9L7Xfw+Jwz/S/69k5BkApt
Score: 1/10

Target: Debug/Z3USExecutor.exe
Size: 38KB
MD5: ddda400d62dc821bf59f0cb131ef2ef8
SHA1: 1478e4a92c79a1e82b8b836ad041562c9d4f472f
SHA256: 934426b127d021131fe551c3c276d162bcc4d9a4f4c47b09b63ce249bd2c4fef
SHA512: f42ee72adea8ffb3559afeadb582830ba8e58a839adfaa0c617cf1acae9ff276ce48e9ae0bc7aeb3f8d995cd53ccfeb93378b3d034119034324ac428bfb00d6b
SSDEEP: 768:EU/KM0Esg+UASJidX6GXEwkWAMQQzsXEwkWAA:h/HsPUfJidX6GXEbWAwsXEbWAA
Score: 1/10

Target: Debug/bin/CeleryIn.bin
Size: 44KB
MD5: 25f3c6098361faa4454bbe0906dad240
SHA1: 94c464c4c0f6a857512aed18cb66ea0a8a8dcac3
SHA256: f3724814aa158fd0841c066b86abb35d21624fcfff0552f2f1156824707be5ba
SHA512: 30ab91ce3990e5cb90ea465df488cc1b9a3f631598d21df06d526bff9e4a5e55f76de4f19735dcd469c3997807be6dea9951521cfc7e7a9662bc63c6f77392f8
SSDEEP: 384:DOLN/3yg6q0MEe7Tl8ckOUMnuFqlHGoMEpdh3q3DrZrxVsrQo9962B6woQXXvhK:DgaSX6cklFaGmSrZVUs2Okf
Score: 1/10

Target: Debug/bin/CeleryInjector.exe
Size: 3.1MB
MD5: eb1f95642914c54314ba72ffcbc79caa
SHA1: 77c254bf9d968fc30da4a090b11b077d4ef4ff8c
SHA256: 657ad03d414e5b29c793d28a23e0bf0306cffe987caa19627fb420af4fa1471b
SHA512: 7c2fa06700b94bccad2707e0224a87954a416b7564a6e6822cb07ccd549202dbd2556cf80c7c92bd9c905c5e1a095de1c3f6343cc3a33b6895c95375ded70389
SSDEEP: 24576:VFvKJxoSmOrOcEOIwKTFZ/duJa3hE+c8/LRHpDGjP8YcR+9p3fWdsI/DOGNAaATt:fvK8OrX2Ea3IsDGjP8lRAp3fA/K2
Score: 1/10

Target: Debug/main.exe
Size: 54.0MB
MD5: d453823128c1838b39f5f12970415f51
SHA1: a341e0492587cc56e0acd418e468748b3890e1c8
SHA256: df12586c4ee3135acc9987358b8fab58ebdf44b8f16d212dcd33c4c0e6e52ba6
SHA512: f3ab392e87766e1ff7b101024661739e8a9006ec2dd43eee9a73e2c8cc259c92f9bbf976c36323fcd5b19ddf5672c2af400e8a20eead40963d099b5ebb84ef10
SSDEEP: 393216:Oh9Sgmr3h2Jp5MLurEUWjZEnBSVkRIrY87PoxiXeo61JRTJ+kpZTujKQKC9vVBO:o9KrhpdbwzcY87PCiO11LTdjKjKQKCT

Signatures:
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Drops startup file
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.

Target: Debug/runme.bat
Size: 88B
MD5: e142cf3e2623bebd2aaf5041acf658cd
SHA1: fadcdd610b7805101ab2aa60b7a56fae4bae6c76
SHA256: a8570d58d87c7e293cb45b401b06637cca30a44f5056726d16f83a104ba70722
SHA512: 865f620ea9388521f5566e253f6c735b8bcd0d24a04de20f70d8768199ee901474adaa33fb97ae5e7b19693d7ceed3d1df6b418554be8e26b517a0541b65f577

Signatures:
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Drops startup file
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
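As an added example for the Defender-exclusion PowerShell signature reported on Debug/main.exe and Debug/runme.bat above (this is not code from the tria.ge report, from Hatching, or from the sample itself), the following Python detector runs over constructed PowerShell script-block records (Event ID 4104) and Defender Operational "configuration has changed" records (Event ID 5007). The provider|event id|message line format, the paths and every log line are made up for the demo. It goes slightly beyond the report's signature: it also flags Set-MpPreference -DisableRealtimeMonitoring and a direct registry write to the Exclusions key, two related tampers the report does not list.

```python
"""Flag Windows Defender tampering (exclusions, real-time protection) in
PowerShell script-block and Defender Operational events.

Added example for the "Command and Scripting Interpreter: PowerShell"
signature in this report; not code from the tria.ge report or from the
analysed sample. The log lines below are constructed for the demo, not
captured from the sandbox run.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample of a SIEM export, one event per line: provider|event id|message.
SAMPLE_LOG = [
    "Microsoft-Windows-PowerShell|4104|Get-ChildItem -Path C:\\Windows\\Temp | Measure-Object",
    "Microsoft-Windows-PowerShell|4104|Add-MpPreference -ExclusionPath 'C:\\Users\\Public\\Debug' "
    "-ExclusionExtension 'exe','dll' -ExclusionProcess 'main.exe'",
    "Microsoft-Windows-PowerShell|4104|Add-Mp`Preference -Exclusion`Path $env:TEMP",
    "Microsoft-Windows-PowerShell|4104|Set-MpPreference -DisableRealtimeMonitoring $true",
    "Microsoft-Windows-PowerShell|4104|Set-MpPreference -ScanScheduleDay 2",
    "Microsoft-Windows-Windows Defender|5007|Windows Defender Configuration has changed. "
    "Old value:  New value: HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Exclusions\\Paths\\C:\\Users\\Public\\Debug = 0x0",
    "Microsoft-Windows-Windows Defender|5007|Windows Defender Configuration has changed. "
    "Old value: HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Scan\\ScheduleDay = 0x0 "
    "New value: HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Scan\\ScheduleDay = 0x2",
]

# Cmdlets that change Defender preferences. Any -Exclusion* parameter on them
# (Path, Extension, Process, IpAddress, or a PowerShell prefix abbreviation
# such as -ExclusionPa) adds an exclusion.
PREF_CMDLET = re.compile(r"\b(add|set)-mppreference\b", re.I)
EXCL_PARAM = re.compile(r"-exclusion\w*", re.I)
RTP_PARAM = re.compile(r"-disablerealtimemonitoring\s+(\$true|1)\b", re.I)
# Registry keys Defender persists these settings under; a direct registry write
# (reg.exe add, Set-ItemProperty) bypasses the cmdlets but not this check.
EXCL_KEY = re.compile(r"windows defender\\exclusions\\(paths|extensions|processes)", re.I)
RTP_KEY = re.compile(r"real-time protection\\disablerealtimemonitoring\s*=\s*0x1", re.I)
REG_WRITE = re.compile(r"\b(set|new)-itemproperty\b|\breg(\.exe)?\s+add\b", re.I)


@dataclass(frozen=True)
class Finding:
    line_no: int
    event_id: int
    reason: str


def _normalise(script: str) -> str:
    # A backtick inside a bare word is a no-op to PowerShell ("Add-Mp`Preference"
    # still runs Add-MpPreference) but defeats naive substring matching.
    return script.replace("`", "")


def check_script_block(script: str) -> list[str]:
    """Reasons a PowerShell script block (Event ID 4104) looks like Defender tampering."""
    text = _normalise(script)
    reasons = []
    if PREF_CMDLET.search(text):
        if EXCL_PARAM.search(text):
            reasons.append("defender-exclusion-cmdlet")
        if RTP_PARAM.search(text):
            reasons.append("defender-realtime-disabled")
    if REG_WRITE.search(text) and EXCL_KEY.search(text):
        reasons.append("defender-exclusion-registry")
    return reasons


def check_config_change(message: str) -> list[str]:
    """Reasons a Defender Operational 5007 'configuration has changed' event matters."""
    reasons = []
    if EXCL_KEY.search(message):
        reasons.append("defender-exclusion-registry")
    if RTP_KEY.search(message):
        reasons.append("defender-realtime-disabled")
    return reasons


def scan(lines: list[str]) -> list[Finding]:
    """Run both checks over provider|id|message lines and collect findings."""
    findings = []
    for n, line in enumerate(lines, 1):
        provider, event_id, message = line.split("|", 2)  # message may itself contain '|'
        event_id = int(event_id)
        if provider == "Microsoft-Windows-PowerShell" and event_id == 4104:
            reasons = check_script_block(message)
        elif provider == "Microsoft-Windows-Windows Defender" and event_id == 5007:
            reasons = check_config_change(message)
        else:
            reasons = []
        findings.extend(Finding(n, event_id, r) for r in reasons)
    return findings


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"line {hit.line_no} (event {hit.event_id}): {hit.reason}")
```

The 4104 check only has data where PowerShell script-block logging is enabled; the 5007 event is written by Defender itself whenever a preference changes, so it is the more dependable source on a host where logging was never turned on. On a live machine, `Get-MpPreference | Select-Object Exclusion*` shows the exclusions currently in force, which is the first thing to check after a hit like this.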