General

  • Target

    Celestial_Rat.rar

  • Size

    13.1MB

  • Sample

    240704-sby9xayann

  • MD5

    30496f3a3ebd66dd1e1a9c98f0c2972c

  • SHA1

    40571b3491c032ab1c28ebc24859a0d01300fafe

  • SHA256

    1001fdf77dfa3f34ae1a7e6d32776dcdd94365dc4785a8b82e96834c9d0f60bd

  • SHA512

    ba6fb9e5b555b20c5d0c14ab209890948982849d3da4bc0f336db1b3baf7d212e50b8ca6a1db89fc2679eb008021e9651b4795ea6990fc2b9915c8156695ec5f

  • SSDEEP

    393216:uoUU21bSb/2r7fIKXX/XapCaNtmWGTpVlPchk5k:uoUnFDfXitmWVv

Score
7/10

Malware Config

Targets

    • Target

      Celestial Rat/Celestial.exe

    • Size

      9.4MB

    • MD5

      86cae458b120a8c8f336d30590cc3c4f

    • SHA1

      68f0a11a37c01f79db978ef19c03ee9c3457a6db

    • SHA256

      4a9d64583260db1c1e4ff7d763341a1ab2bdf1d6e840dd622efad07da12a1d32

    • SHA512

      489eb0bc1d465c713e4670a2743499ed256bd535332e211fd37f900f3d4a707c35d9dbee391e33d07eb4a9421f4312f74ecaf924f0b86ddecfe4190186093dbb

    • SSDEEP

      196608:8o/0CasEDPZ2lB54SY3KTBRYIzH7IXB0wnlnmELgaJitOsFo:8o/TTAPcf5Bqa3zzH7IB00nn4OsFo

    Score
    7/10
    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      Celestial Rat/CelestialPatcher.exe

    • Size

      3.6MB

    • MD5

      ee61359e7e1ceaed2a297f66baa7c7fc

    • SHA1

      01e5940c52ca2db5c295fd4865f2db9bfa720653

    • SHA256

      02ac9261c1588b3d464c112cc34b4b29e315ec9f0c2d305f6d8567fc92bd9b90

    • SHA512

      1a6bfe99e0289c7e9e964386a6776b7ceaee6fc13ee2fae7d21bc28a766ee2f0b8329cad4edcb92f8254374dd13fe7450029e6020f9fc6456f6fd771fd142006

    • SSDEEP

      49152:xBusENBlYwQpOOkr5rWM9ZlVvcAAOdVGlBRSfkRnuocIa9Z41hzugG7:qHpZ1lVv0OjGvRSoeIZzuR

    Score
    7/10
    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      Celestial Rat/IconExtractor.dll

    • Size

      10KB

    • MD5

      640d8ffa779c6dd5252a262e440c66c0

    • SHA1

      3252d8a70a18d5d4e0cc84791d587dd12a394c2a

    • SHA256

      440912d85d2f98bb4f508ab82847067c18e1e15be0d8ecdcff0cc19327527fc2

    • SHA512

      e12084f87bd46010aded22be30e902c5269a6f6bc88286d3bef17c71d070b17beada0fe9e691a2b2f76202b5f9265329f6444575f89aff8551c486eafe4d5f32

    • SSDEEP

      192:7f77J4cGYyfQknxLvIgyLY5xJeU5pPpZlEAs:HS2yINgyLYLJR5wl

    Score
    1/10
    • Target

      Celestial Rat/Notifications.Wpf.dll

    • Size

      24KB

    • MD5

      f30ef05b403132ea4a9949be8c82f94a

    • SHA1

      7f6d2d05e5f126a51490af987430d58a80417e45

    • SHA256

      26bf458ea96d09e78d9ac1200d2156d9e620e0fec1bda2e7eac6b05c62eb2677

    • SHA512

      2bbcf7ec87e4a8ca933116ce86c8f15f98c74c103bdd31f6b55e264bfc07e492aa4b2c271efe7d7dce7e90df882f15de5f26af9ff0137350717ff1c91d0e0059

    • SSDEEP

      384:OGzTcjcYCjLO0dBjEQu1NjEVXVfLo9yUEwzjVu9e6134xrZtKN8a9dGg/UzZH:tzAjchPOMj21NAPMjQTMXgMzZH

    Score
    1/10
    • Target

      Celestial Rat/Vestris.ResourceLib.dll

    • Size

      76KB

    • MD5

      944ce5123c94c66a50376e7b37e3a6a6

    • SHA1

      a1936ac79c987a5ba47ca3d023f740401f73529b

    • SHA256

      7da3f0e77c4dddc82df7c16c8c781fade599b7c91e3d32eefbce215b8f06b12a

    • SHA512

      4c034ff51cc01567f3cb0796575528ca44623b864eb606266bcf955a9259ed26b20bec0086d79038158d3a5af2ada0a90f59d7c6aae9e545294fe77825dbe08b

    • SSDEEP

      1536:CSSYikTF0Z+sFGu11tIcyI1MtI9eDG3fL7:CJYD0Z9FGu11teI1r9ea3

    Score
    1/10
    • Target

      Celestial Rat/WinMM.Net.dll

    • Size

      43KB

    • MD5

      d4b80052c7b4093e10ce1f40ce74f707

    • SHA1

      2494a38f1c0d3a0aa9b31cf0650337cacc655697

    • SHA256

      59e2ac1b79840274bdfcef412a10058654e42f4285d732d1487e65e60ffbfb46

    • SHA512

      3813b81f741ae3adb07ae370e817597ed2803680841ccc7549babb727910c7bff4f8450670d0ca19a0d09e06f133a1aaefecf5b5620e1b0bdb6bcd409982c450

    • SSDEEP

      768:LyasDzF2TDSemqD9tGI+ffwj2Au0LVpqmf7KxcOOrYCPTxqPb85:LyaXKemqD9tGI+ffwj2Au0LVpq4KWrlv

    Score
    1/10
    • Target

      Celestial Rat/data/6c.dll

    • Size

      12KB

    • MD5

      3ec6489c7f7cda436d731c7a725d1c78

    • SHA1

      ee1da7a411b3206176f3d84e6dc2765e439bc5f9

    • SHA256

      b28ddbb286527291c3d975c1d12f48cdeafc4112f1dd0f4705bd78c45089e602

    • SHA512

      95f3475bee34f355a217cb67e06544b046edd282e453a5845ae0055026c23f2fea8206079cee0c194cd447e8a8253cd66fa65c52bbb4963c44f31660ef987e9e

    • SSDEEP

      384:3qv40ttXlAm9HPgtSy+0r+7E3j9noVpOsocd8:6w8tOm9HyC0r+e5qnq

    Score
    1/10
    • Target

      Celestial Rat/data/8c.dll

    • Size

      10KB

    • MD5

      1c5f3af3deceee48756e8cd0e025bd4f

    • SHA1

      856ac39e4a19fd4e3cfe43fe5ab6209e7171dc98

    • SHA256

      ed987fd6e7270750ca409d2c7a6a83df19c859655bc0f6280052a80a3b73019e

    • SHA512

      afa1c5c6d698c1b26789a5c30f097baebccda1eaaa46ff49129810c6b2d5795cb76be5f910f4ffcc4ae68f187ba97547829e9c57bc6b7f634be21d282f3e0ed0

    • SSDEEP

      192:GYilGQQCC/dLo8i1/q8Lz+iGwo78IYnp7RKWPfAVx9yufgb84XyJ6tVW527o:GYilGzZdLoTri74p70lQtX/t852s

    Score
    1/10
    • Target

      Celestial Rat/data/asm.exe

    • Size

      1.2MB

    • MD5

      288f2be6334f4ea09abf3209166f9ac1

    • SHA1

      c6c613aea50ee2f51518b2e5e0e1041ee101beb5

    • SHA256

      442f6f984804c2e08c151f5565c2fdddda3a899d8e380512f271a3edbbf34cb4

    • SHA512

      470ad18548d290bfbe4de768258ac6fc0863d28f4ad5bd8d169cff0d84f1326fb33351c5549c8f888258a7226ad8701ec2d913a8de300a96333403d60a510baa

    • SSDEEP

      12288:dzMVtmYR2GGsxc7rjzWzzEqGc3I/Iga5/:dQCYEGGsxcvjzWX5/

    Score
    1/10
    • Target

      Celestial Rat/data/d.exe

    • Size

      3KB

    • MD5

      4f4191c7dc87491545cbf31ed2e6a67f

    • SHA1

      8a5dd92b1608a9e77ef96804da03cdf3ea49037d

    • SHA256

      b633090055b97c0f1055d4c222541bda19a7a886b2a1f173f484b724b04fbbcc

    • SHA512

      2e41d5710ce1012943b8db6461f9117ce67643b19d150ee52ca0c0be149f089a36697b142107704b1a4c975ce1b06303c89186afaa984ddcbf24b3d0331dc505

    Score
    1/10
    • Target

      Celestial Rat/data/libs/AForge.Video.DirectShow.dll

    • Size

      60KB

    • MD5

      17ed442e8485ac3f7dc5b3c089654a61

    • SHA1

      d3a17c1fdd6d54951141053f88bf8238dea0b937

    • SHA256

      666d44798d94eafa1ed21af79e9bc0293ffd96f863ab5d87f78bcee9ef9ffd6b

    • SHA512

      9118bf11760354e9971ae8b27f7f6a405e46145b39ca6e6b413cb2e729e51304b895965e9140f66c9e3ef7caa4f344762bf059688b23dd32e4c2df271394fea2

    • SSDEEP

      1536:XwumrikcyTpOKVi+Dqp6viPUCcvKWz3NTpAK+7KI4v8U:6dOKViKa6pOWbhpAKyKIVU

    Score
    1/10
    • Target

      Celestial Rat/data/libs/AForge.Video.dll

    • Size

      20KB

    • MD5

      0bd34aa29c7ea4181900797395a6da78

    • SHA1

      ddffdcef29daddc36ca7d8ae2c8e01c1c8bb23a8

    • SHA256

      bafa6ed04ca2782270074127a0498dde022c2a9f4096c6bb2b8e3c08bb3d404d

    • SHA512

      a3734660c0aba1c2b27ab55f9e578371b56c82754a3b7cfd01e68c88967c8dada8d202260220831f1d1039a5a35bd1a67624398e689702481ac056d1c1ddcdb0

    • SSDEEP

      384:Wu9f/hWFwLX+WJ7gfZLTswhHDlOdKaCxkyf0l:HfpZL9uxE9Cxd8l

    Score
    1/10
    • Target

      Celestial Rat/data/libs/DotNetZip.dll

    • Size

      448KB

    • MD5

      6d1c62ec1c2ef722f49b2d8dd4a4df16

    • SHA1

      1bb08a979b7987bc7736a8cfa4779383cb0ecfa6

    • SHA256

      00da1597d92235d3f84da979e2fa5dbf049bafb52c33bd6fc8ee7b29570c124c

    • SHA512

      c0dce8eaa52eb6c319d4be2eec4622bb3380c65b659cfb77ff51a4ada7d3e591e791ee823dad67b5556ffac5c060ff45d09dd1cc21baaf70ba89806647cb3bd2

    • SSDEEP

      6144:FuCIjOL8qwWN/jMlC/XiapWSu9vnITVxGtSV41kJDsTDD5rlGe6wfxLV/7:dZLJLdvOSsnjS4csBrge6sf7

    Score
    1/10
    • Target

      Celestial Rat/data/libs/SharpDX.DXGI.dll

    • Size

      125KB

    • MD5

      2b44c70c49b70d797fbb748158b5d9bb

    • SHA1

      93e00e6527e461c45c7868d14cf05c007e478081

    • SHA256

      3762d43c83af69cd38c9341a927ca6bd00f6bae8217c874d693047d6df4705bf

    • SHA512

      faced62f6ecbfa2ee0d7a47e300302d23030d1f28758cbe9c442e9d8d4f8359c59088aa6237a28103e43d248c8efc7eeaf2c184028701b752df6cce92d6854d0

    • SSDEEP

      1536:taSL4xpOaI0PXSgMkPXsHIrPQkrNCivO5Ib6VU3x8w85SMxcnqNojG5JW/UlibAs:taSLYpfI0fTtP8HIbQkreK

    Score
    1/10
    • Target

      Celestial Rat/data/libs/SharpDX.Direct3D11.dll

    • Size

      271KB

    • MD5

      98eb5ba5871acdeaebf3a3b0f64be449

    • SHA1

      c965284f60ef789b00b10b3df60ee682b4497de3

    • SHA256

      d7617d926648849cbfef450b8f48e458ee52e2793fb2251a30094b778aa8848c

    • SHA512

      a60025e304713d333e4b82b2d0be28087950688b049c98d2db5910c00b8d45b92e16d25ac8a58ff1318de019de3a9a00c7cbf8a6ad4b5bb1cb175dafa1b9bea2

    • SSDEEP

      3072:6ccUvNf/AThDrcfiSDt0XN3ZDoyz91Sy0KwbwgG5OHDyGQsnHZ09K3vJqlQ1VcTS:zRfi+SmNgOHDyGQsucvJqW6Ts4dDjJZ

    Score
    1/10
    • Target

      Celestial Rat/data/libs/SharpDX.Direct3D9.dll

    • Size

      338KB

    • MD5

      934da0e49208d0881c44fe19d5033840

    • SHA1

      a19c5a822e82e41752a08d3bd9110db19a8a5016

    • SHA256

      02da4af8cd4a8de19d816000caaae885e676b9e52f136ff071a279c2b8ad34c7

    • SHA512

      de62f629c2299b50af62893244a28895d63b78138c8632449984306f45de16bd01076eadbb0d75a700215e970c1df731e202ea640236c0f0da6ed15146193b59

    • SSDEEP

      6144:sF8TUNl4RaWH/EgJ2bOVbIbgiSC0EhS/:+8laWsgOOQHS

    Score
    1/10
    • Target

      Celestial Rat/data/libs/SharpDX.dll

    • Size

      247KB

    • MD5

      ffb4b61cc11bec6d48226027c2c26704

    • SHA1

      fa8b9e344accbdc4dffa9b5d821d23f0716da29e

    • SHA256

      061542ff3fb36039b7bbffdf3e07b66176b264c1dfd834a14b09c08620717303

    • SHA512

      48aa6130bf1f5bd6de19256bbdf754c0158b43dd122cec47bb801a7a7b56f2da268bfdec24d135621764a23278ead3dcc35911a057e2dfa55a348bae8ef7b8a9

    • SSDEEP

      6144:/yx2FKVw+6LRnencMdWqtFhdpGFfnbJoeeYr:6w+Ienc1qf6bJrd

    Score
    1/10
    • Target

      Celestial Rat/data/payload/m.exe

    • Size

      101KB

    • MD5

      8b632bfc3fe653a510cba277c2d699d1

    • SHA1

      d6a57aa17e5eb51297def9bac04e574c1e36d9c7

    • SHA256

      2852680c94a9d68cdab285012d9328a1ceca290db60c9e35155c2bb3e46a41b4

    • SHA512

      b9ea70ed984d3b4a42eceb9f34f222b722c4c1985b79b368d769fe0fd1f19f037ffebe2cf938aa98ed450337836a7469d911848448d99223995f7fb3a9304587

    • SSDEEP

      3072:S0+mlNniJkkKcfqBOb65VgB183gUGQ340HpL:SvmlNn4kkeOAVA1rUGh0Hp

    Score
    1/10
    • Target

      Celestial Rat/data/payload/sig.py

    • Size

      10KB

    • MD5

      d3fb7ea2605ea11bffcc182c2a04a05c

    • SHA1

      db7c73078f5e1d3272641aa850ae498bcc0d1aec

    • SHA256

      9f9de3fed2a5096064400ca82f724d0a3579ddddd952802a9b0b7090e3a67ebf

    • SHA512

      7c0914063bf1d38f3a0b91038cb6719dd243160ea418dfa7e478fe45cc6f00b0afecf7664394be4b4ff17bfed552eb8d12437106a23a6fbc816fbb0800caa2b9

    • SSDEEP

      192:k5dsG6l63D/uIiYi+gV6EfowUMB1N1d11TqmSe9aF:kN/myab11Oh

    Score
    3/10
    • Target

      Celestial Rat/dnlib.dll

    • Size

      1.1MB

    • MD5

      de0069c4097c987bd30ebe8155a8af35

    • SHA1

      aced007f4d852d7b84c689a92d9c36e24381d375

    • SHA256

      83445595d38a8e33513b33dfc201983af4746e5327c9bed470a6282d91d539b6

    • SHA512

      66c45818e5c555e5250f8250ea704bc4ca32ddb4d5824c852ae5dc0f264b009af73c7c1e0db1b74c14ee6b612608d939386da23b56520cac415cd5a8f60a5502

    • SSDEEP

      24576:m+pL+hwfQvqx+yLjynb1YNzh/CNX7fegPeH3hid3Hc9ZEu5DkU6FPepU1VWv7fo0:sxvCLUJ

    Score
    1/10
    • Target

      Celestial Rat/scripts/ClipperLib.dll

    • Size

      6KB

    • MD5

      5808a2d5f26fed3bba87215814269441

    • SHA1

      55f22333b297eac7b3cee9926102f1813fcb6c80

    • SHA256

      37f5ae278214418b8b446db0b7bc73d523fcb33ab06858dcc032df52c2e42bc0

    • SHA512

      947a43c7f5bce7d693505c0a1f27ff3d91613671b2cbc5a2cedd2404c01ad413861f7d10aa82f2de613138862572c9d8453ed4dc1c15fd22f42ca1ed91f3734e

    • SSDEEP

      96:UhmExmvTk9dBqY+TQbzpfVD2qe5ombWnRVVvQklmOez:UhLx1h4QblhIomKVVvJP

    Score
    1/10
    • Target

      Celestial Rat/server/Server.dll

    • Size

      77KB

    • MD5

      f4ca6c347e85f747ffd1056021fe687f

    • SHA1

      c7f655075814e56daa7f4f037f09a37c7d07576d

    • SHA256

      cbddd8650c3bb5ccc914c36746a72c3659fe74f42fd938007ce17fbc153079d5

    • SHA512

      1d5def74f59a7a982b85ef5406793d28271125085e7d5eddefe353d46b2852fb4ad3c1a74bbaac93d30a75de1c19e8fbf5a6adb7cf3487b93445b69d60f1714f

    • SSDEEP

      768:o/uxpziDy3VP7YQ4E822l+GkgDPY0TZyWOnZQF25u7E+hbTYSqMdZd:owziDMVzvJ++ngDPY0TZ10WAY7BcEZd

    Score
    1/10
    • Target

      Celestial Rat/server/start.bat

    • Size

      37B

    • MD5

      4d04aeb048cd4e89bf1b6718824ec5a2

    • SHA1

      621e1ae4a7d7901e34e61f6e7fa90b8ad89af0de

    • SHA256

      409dffb5444c2630541f7d539effeeae3df3ed993b4dba2a5e60d8940548b1d1

    • SHA512

      99c18b9c6a397c4033a2dde8fdc1fa13b9d5a685d50548358651d617c42b059b8f772d7e34dc1769ae546e11229b19185a4fd93ce2753567ead51a999365fb40

    Score
    1/10
    • Target

      Celestial Rat/server/start.sh

    • Size

      31B

    • MD5

      e61025394a091067d696d9bad73ee4ac

    • SHA1

      1332dde20433eb1415c416f0281a884bcdf2890f

    • SHA256

      b5cdc6104a9d576c35234153d4658fed1e152dc4044064ca1af376d88e254b92

    • SHA512

      921df7058d7fc535e2d72c14922e860e3944318cb0d7734f122a782e73272b4b2dd79ec62b2025c30012a984a6798c3e7873be38ebc2410bef191e9787ef1328

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks