General
Target
Celestial_Rat.rar
Size
13.1MB
Sample
240704-sby9xayann
Behavioral task
behavioral1
Sample
Celestial Rat/Celestial.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral2
Sample
Celestial Rat/CelestialPatcher.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
Celestial Rat/IconExtractor.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral4
Sample
Celestial Rat/Notifications.Wpf.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral5
Sample
Celestial Rat/Vestris.ResourceLib.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral6
Sample
Celestial Rat/WinMM.Net.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral7
Sample
Celestial Rat/data/6c.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral8
Sample
Celestial Rat/data/8c.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral9
Sample
Celestial Rat/data/asm.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral10
Sample
Celestial Rat/data/d.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral11
Sample
Celestial Rat/data/libs/AForge.Video.DirectShow.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral12
Sample
Celestial Rat/data/libs/AForge.Video.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral13
Sample
Celestial Rat/data/libs/DotNetZip.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral14
Sample
Celestial Rat/data/libs/SharpDX.DXGI.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral15
Sample
Celestial Rat/data/libs/SharpDX.Direct3D11.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral16
Sample
Celestial Rat/data/libs/SharpDX.Direct3D9.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral17
Sample
Celestial Rat/data/libs/SharpDX.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral18
Sample
Celestial Rat/data/payload/m.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral19
Sample
Celestial Rat/data/payload/sig.py
Resource
win10v2004-20240508-en
Behavioral task
behavioral20
Sample
Celestial Rat/dnlib.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral21
Sample
Celestial Rat/scripts/ClipperLib.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral22
Sample
Celestial Rat/server/Server.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral23
Sample
Celestial Rat/server/start.bat
Resource
win10v2004-20240508-en
Behavioral task
behavioral24
Sample
Celestial Rat/server/start.sh
Resource
win10v2004-20240611-en
Malware Config
Targets
Target
Celestial Rat/Celestial.exe
Size
9.4MB
Score
7/10
Suspicious use of NtSetInformationThreadHideFromDebugger

Target
Celestial Rat/CelestialPatcher.exe
Size
3.6MB
Score
7/10
Suspicious use of NtSetInformationThreadHideFromDebugger

Target
Celestial Rat/IconExtractor.dll
Size
10KB
Score
1/10

Target
Celestial Rat/Notifications.Wpf.dll
Size
24KB
Score
1/10

Target
Celestial Rat/Vestris.ResourceLib.dll
Size
76KB
Score
1/10

Target
Celestial Rat/WinMM.Net.dll
Size
43KB
Score
1/10

Target
Celestial Rat/data/6c.dll
Size
12KB
Score
1/10

Target
Celestial Rat/data/8c.dll
Size
10KB
Score
1/10

Target
Celestial Rat/data/asm.exe
Size
1.2MB
Score
1/10

Target
Celestial Rat/data/d.exe
Size
3KB
Score
1/10

Target
Celestial Rat/data/libs/AForge.Video.DirectShow.dll
Size
60KB
Score
1/10

Target
Celestial Rat/data/libs/AForge.Video.dll
Size
20KB
Score
1/10

Target
Celestial Rat/data/libs/DotNetZip.dll
Size
448KB
Score
1/10

Target
Celestial Rat/data/libs/SharpDX.DXGI.dll
Size
125KB
Score
1/10

Target
Celestial Rat/data/libs/SharpDX.Direct3D11.dll
Size
271KB
Score
1/10

Target
Celestial Rat/data/libs/SharpDX.Direct3D9.dll
Size
338KB
Score
1/10

Target
Celestial Rat/data/libs/SharpDX.dll
Size
247KB
Score
1/10

Target
Celestial Rat/data/payload/m.exe
Size
101KB
Score
1/10

Target
Celestial Rat/data/payload/sig.py
Size
10KB
Score
3/10

Target
Celestial Rat/dnlib.dll
Size
1.1MB
Score
1/10

Target
Celestial Rat/scripts/ClipperLib.dll
Size
6KB
Score
1/10

Target
Celestial Rat/server/Server.dll
Size
77KB
Score
1/10

Target
Celestial Rat/server/start.bat
Size
37B
Score
1/10

Target
Celestial Rat/server/start.sh
Size
31B
Score
3/10