General
- Target: Celery.exe
- Size: 56.9MB
- Sample: 240801-j48vda1blm
- MD5: c6226e46b67143c0daa5fb37ddaad7df
- SHA1: ef800ca848512dff3c2af114b589a43ad5027d5e
- SHA256: 395532c65dc8a2ecf47db85df7d362ba6170d39bbb98e2f844a3d3be25d32e7b
- SHA512: e482cefca0fcd0905492f1275390c64e72aa3dd595cee248e56e6b3521a8e65dab4eb39cc035c4fb5384d6665f6337a1d1633d75988690c38f02492c9309c364
- SSDEEP: 1572864:LvxZQglY7vaSk8IpG7V+VPhqYdfCE70lgvWjYDxo:LvxZx+eSkB05awcfAev+iO
Behavioral task
- behavioral1
- Sample: Celery.exe
- Resource: win11-20240730-en
Malware Config

Targets
- Target: Celery.exe
Score: 9/10
- Enumerates VirtualBox DLL files
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2