Overview (score 10)
Static (score 10)
Celery.exe, windows7-x64 (score 7)
Celery.exe, windows10-2004-x64 (score 9)
discord_to...er.pyc, windows7-x64 (score 3)
discord_to...er.pyc, windows10-2004-x64 (score 3)
get_cookies.pyc, windows7-x64 (score 3)
get_cookies.pyc, windows10-2004-x64 (score 3)
misc.pyc, windows7-x64 (score 3)
misc.pyc, windows10-2004-x64 (score 3)
passwords_grabber.pyc, windows7-x64 (score 3)
passwords_grabber.pyc, windows10-2004-x64 (score 3)
source_prepared.pyc, windows7-x64 (score 3)
source_prepared.pyc, windows10-2004-x64 (score 3)
Resubmissions
01-08-2024 08:14  240801-j48vda1blm (score 10)
29-07-2024 20:18  240729-y285paycjr (score 10)
29-07-2024 20:11  240729-yyr21ayanl (score 10)
Analysis
max time kernel: 13s
max time network: 18s
platform: windows7_x64
resource: win7-20240704-en
resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
submitted: 29-07-2024 20:11
Behavioral tasks
behavioral1: Celery.exe (resource win7-20240704-en)
behavioral2: Celery.exe (resource win10v2004-20240709-en)
behavioral3: discord_token_grabber.pyc (resource win7-20240704-en)
behavioral4: discord_token_grabber.pyc (resource win10v2004-20240709-en)
behavioral5: get_cookies.pyc (resource win7-20240729-en)
behavioral6: get_cookies.pyc (resource win10v2004-20240709-en)
behavioral7: misc.pyc (resource win7-20240729-en)
behavioral8: misc.pyc (resource win10v2004-20240729-en)
behavioral9: passwords_grabber.pyc (resource win7-20240729-en)
behavioral10: passwords_grabber.pyc (resource win10v2004-20240709-en)
behavioral11: source_prepared.pyc (resource win7-20240729-en)
behavioral12: source_prepared.pyc (resource win10v2004-20240709-en)
General
Target: Celery.exe
Size: 56.9MB
MD5: c6226e46b67143c0daa5fb37ddaad7df
SHA1: ef800ca848512dff3c2af114b589a43ad5027d5e
SHA256: 395532c65dc8a2ecf47db85df7d362ba6170d39bbb98e2f844a3d3be25d32e7b
SHA512: e482cefca0fcd0905492f1275390c64e72aa3dd595cee248e56e6b3521a8e65dab4eb39cc035c4fb5384d6665f6337a1d1633d75988690c38f02492c9309c364
SSDEEP: 1572864:LvxZQglY7vaSk8IpG7V+VPhqYdfCE70lgvWjYDxo:LvxZx+eSkB05awcfAev+iO
Malware Config
Signatures
Loads dropped DLL (7 IoCs)
Processes:
pid   process
1624  Celery.exe  (7 identical entries)

Processes:
resource                                                                                  yara_rule
C:\Users\Admin\AppData\Local\Temp\_MEI26802\python311.dll                                 upx
behavioral1/memory/1624-1214-0x000007FEF53D0000-0x000007FEF59C2000-memory.dmp             upx

Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
description                        pid   process     target process
PID 2680 wrote to memory of 1624   2680  Celery.exe  Celery.exe  (3 identical entries)
Processes
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 21KB
MD5: e2a03fb652b3f3f2a39d305e0fc991f9
SHA1: 49292471fb6b2a08a3b5ea4d55c7ba63d7c22df4
SHA256: 6d6aa0c0de2e39580807b2996070033fdbae5b41c4fa9520a102479731ba1e29
SHA512: b2f4336c29a9b8b59d206b11ef39208f95abde83efee90fb12ae9cb9cd84b983d431eebfd2b9550bd2ad47ba0332b0e57f86699aa2198d0f94e615adcc3ea9bc

Filesize: 20KB
MD5: 50abf0a7ee67f00f247bada185a7661c
SHA1: 0cddac9ac4db3bf10a11d4b79085ef9cb3fb84a1
SHA256: f957a4c261506484b53534a9be8931c02ec1a349b3f431a858f8215cecfec3f7
SHA512: c2694bb5d103baff1264926a04d2f0fe156b8815a23c3748412a81cc307b71a9236a0e974b5549321014065e393d10228a0f0004df9ba677f03b5d244a64b528

Filesize: 21KB
MD5: 3e4e4b68179d85d2ef56d63cb6b4caa2
SHA1: 5e75a9e9805ea454d9fb646b4cacff936357cbba
SHA256: 897b716684eed10bd4214c9f518bbbbb8b5f76152a3f91355112873b0677d05c
SHA512: 81e85262c3db997a021d4e73f80251783b9ec8fe022f4dce846e824252abd01fdc5f1f1084d6aad0b9cbbe30e08142a0d648816b856dc7068b2ce412399cef8b

Filesize: 21KB
MD5: 3d73a0d2988f2d91e8bf09f1df449bf0
SHA1: 6ccd48cd3dc1c23700c3b8f4a3b9dfdf8c08ff08
SHA256: 521340b666bd5e74b395d56b7886a795b95dea9997a2eb6ff198c16745b55f18
SHA512: 22713e21375dd0c87881862c74bf1945265ef81e4f91bf6a7b1cc3727a923e113c8dc2b12bc538f2f0fe8c3224ce6b776284b42be075831478d2d1fc251fb32e

Filesize: 21KB
MD5: 3f319e5743e66e32488529d75ec15981
SHA1: 33f2ce75ede1df246703871331e7c4934790c639
SHA256: 44704de5e39e481928088e5e3eab77498b1215ffb1ac10edb0568c0b29896232
SHA512: c8ac4fec1cd02851420480c379077af41f6cbb31fbeb66af114a7bef856b4e548aecc34ab816f0f7e3675ae3e0b35d789068e095241bc4e5fdcdbf6e55f1ded2

Filesize: 1.6MB
MD5: 548809b87186356c7ac6421562015915
SHA1: 8fa683eed7f916302c2eb1a548c12118bea414fa
SHA256: 6c65da37cf6464507ad9d187a34f5b5d61544b83d831547642d17c01852599a1
SHA512: c0b63bf9908e23457cf6c2551219c7951bc1a164f3a585cde750b244fa628753ee43fde35f2aa76223fd9f90cf5ea582241ab510f7373a247eae0b26817198fc

Filesize: 1.1MB
MD5: 3b337c2d41069b0a1e43e30f891c3813
SHA1: ebee2827b5cb153cbbb51c9718da1549fa80fc5c
SHA256: c04daeba7e7c4b711d33993ab4c51a2e087f98f4211aea0dcb3a216656ba0ab7
SHA512: fdb3012a71221447b35757ed2bdca6ed1f8833b2f81d03aabebd2cd7780a33a9c3d816535d03c5c3edd5aaf11d91156842b380e2a63135e3c7f87193ad211499