Resubmissions

01-08-2024 08:14

240801-j48vda1blm 10

29-07-2024 20:18

240729-y285paycjr 10

29-07-2024 20:11

240729-yyr21ayanl 10

General

  • Target

    Celery.exe

  • Size

    56.9MB

  • Sample

    240801-j48vda1blm

  • MD5

    c6226e46b67143c0daa5fb37ddaad7df

  • SHA1

    ef800ca848512dff3c2af114b589a43ad5027d5e

  • SHA256

    395532c65dc8a2ecf47db85df7d362ba6170d39bbb98e2f844a3d3be25d32e7b

  • SHA512

    e482cefca0fcd0905492f1275390c64e72aa3dd595cee248e56e6b3521a8e65dab4eb39cc035c4fb5384d6665f6337a1d1633d75988690c38f02492c9309c364

  • SSDEEP

    1572864:LvxZQglY7vaSk8IpG7V+VPhqYdfCE70lgvWjYDxo:LvxZx+eSkB05awcfAev+iO

Malware Config

Targets

    • Target

      Celery.exe

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks