General
Target: Release.zip
Size: 9.1MB
Sample: 240806-r4d9rs1hqn
MD5: 39f94b3934c37e20ad404840281d10ce
SHA1: 537841ac93567cd0a4ac2494197341208df76442
SHA256: 7643f989a6b22411ac72a4c17ae5ddee007440bd794d1d3be416bb5b45b53f9b
SHA512: a63726c804a3772d49c2111fb18130762c9db6b3bedd8c07a064c1d33a2e0a2ca76e55351102993abe8d9d6758c217ed0eb8af4526ab86fa8ad0c8b93ad1a296
SSDEEP: 196608:Jy/QEcnNVmUhiF5sBio1UOQi9dq9ogl8fR60r:n1M5sb6ekSglMR60r
Static task
static1

Behavioral tasks (task: sample, resource)
behavioral1: BetterFolderBrowser.dll, win7-20240708-en
behavioral2: BetterFolderBrowser.dll, win10v2004-20240802-en
behavioral3: CeleryApp.exe, win7-20240704-en
behavioral4: CeleryApp.exe, win10v2004-20240802-en
behavioral5: CeleryIn.dll, win7-20240704-en
behavioral6: CeleryIn.dll, win10v2004-20240802-en
behavioral7: CeleryInject.exe, win7-20240708-en
behavioral8: CeleryInject.exe, win10v2004-20240802-en
behavioral9: Costura.dll, win7-20240729-en
behavioral10: Costura.dll, win10v2004-20240802-en
behavioral11: Dragablz.dll, win7-20240705-en
behavioral12: Dragablz.dll, win10v2004-20240802-en
behavioral13: MaterialDesignColors.dll, win7-20240704-en
behavioral14: MaterialDesignColors.dll, win10v2004-20240802-en
behavioral15: MaterialDesignExtensions.dll, win7-20240705-en
behavioral16: MaterialDesignExtensions.dll, win10v2004-20240802-en
behavioral17: Microsoft.Web.WebView2.Core.dll, win7-20240704-en
behavioral18: Microsoft.Web.WebView2.Core.dll, win10v2004-20240802-en
behavioral19: Microsoft.Web.WebView2.WinForms.dll, win7-20240708-en
behavioral20: Microsoft.Web.WebView2.WinForms.dll, win10v2004-20240802-en
behavioral21: Microsoft.Web.WebView2.Wpf.dll, win7-20240705-en
behavioral22: Microsoft.Web.WebView2.Wpf.dll, win10v2004-20240802-en
behavioral23: Microsoft.Xaml.Behaviors.dll, win7-20240705-en
behavioral24: Microsoft.Xaml.Behaviors.dll, win10v2004-20240802-en
behavioral25: System.Diagnostics.DiagnosticSource.dll, win7-20240708-en
behavioral26: System.Diagnostics.DiagnosticSource.dll, win10v2004-20240802-en
behavioral27: bin/Monaco/index.html, win7-20240705-en
behavioral28: bin/Monaco/index.html, win10v2004-20240802-en
behavioral29: bin/Monaco/vs/base/worker/workerMain.js, win7-20240708-en
behavioral30: bin/Monaco/vs/base/worker/workerMain.js, win10v2004-20240802-en
behavioral31: bin/Monaco/vs/basic-languages/lua/autocompletes.js, win7-20240729-en
behavioral32: bin/Monaco/vs/basic-languages/lua/autocompletes.js, win10v2004-20240802-en
Malware Config
Targets

Target: BetterFolderBrowser.dll
Size: 12KB
MD5: fff67e7d52b58a11d456a1d5cd2ba294
SHA1: 6dea84a0a060c39c93b1e3f404270c039d3dbfdd
SHA256: 5334c9c4eb567a89e4644df868d7fb6e242a3ea422b2ce9283843970ec756372
SHA512: fc8cc5fbc624559e03e70c48bd4e6e4595b1784fdf2c258b33ddb3410bdd93dcf26f3b5db4e4d0d8f133e8df93fe95ab93a703efa92a0a4133f57f48ebd6ea74
SSDEEP: 192:2ZPVABalnP/VYkWdcHIp3RgzK/RGLHdnKuWGIBC0p++kVX805N9:2ABk1W4Ip3ez4RoF2+bR805N9
Score: 1/10

Target: CeleryApp.exe
Size: 8.8MB
MD5: 74c366b46a85acac6c83e9671e64dda7
SHA1: dc9a7b4cc7511b701401aa86e0106d3495e3a0fe
SHA256: 6a25cc6c05e54ca56e8b51d2b2bd8b9a17a96ecb1d1f6d4442d36378dc809ed1
SHA512: e0df64a74c3c9e1c36f5957d346d961cc92741b1803e05d41454dde4371a0e9420f9e79163bed9fe2d8b588b9da6f2faaa08003ca50be37a6425a8320acd15cb
SSDEEP: 98304:wEgLIRfyC7egWJ3iJzdjf4fwraOWcD9XdMPABIw/t6KHDicVwzUs7:wEguhegD4fJOWs9XNBZ16M2cuU
Score: 1/10

Target: CeleryIn.bin
Size: 44KB
MD5: 2682352886b9de7763dd637ff940ef97
SHA1: 6df1516ed9f1084bd0e7b217996353afa3babb98
SHA256: eab4356a735f604b31f493f2c9f0f98448ebc2671825e348145609fed6e927e4
SHA512: 0799a9d1126b444992638bb16e62726d7d49753d74845114f0076fb5d1e7159c83d0f7e62a1a80a9b034a59529ef73b0fd7acfdccc754cc9c3cfd1984ae4ec3c
SSDEEP: 384:rVdzew6q0MEe7Tc8cZO1D9WDPAULcRUSoTYVJa51xoVMmA2QdwB5bh1r:5YiXFcZkRcZJTYVJanUNA2jj
Score: 6/10
Signatures:
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.

Target: CeleryInject.exe
Size: 5.0MB
MD5: a219324612da6da115423f2118ed7d60
SHA1: e25653239651637604e1b6e65fdd719aee2917ec
SHA256: b3f9cdae756e9cf1f5b8a823648395ed68d82c6a62d606fd0c6eb9a0be10d51f
SHA512: 9958ca39f43c7754e6a5586e5cb1a40963a4ec9db898051c327198c31708beb067944d1581355f2bb04e69de62e69de8a6a708213d60d571f74c112b3d489187
SSDEEP: 49152:HBAPhbBL8IjBDC0J0S27DGjyclWb53PppOPxjfsRdn6dnndn+dnT0Uf:HnIRZJ
Score: 1/10

Target: Costura.dll
Size: 4KB
MD5: 501981c7fc457d59238eb99780efb615
SHA1: f1f25c01f6acf33bdd62c4f82d3ef078e76f0906
SHA256: 41bb464ac7c0d192641077e44a59d7d89860c3c620a59961f2fc4a4be47deae3
SHA512: 5921d0662add6c8aa075106878cc56335ccbf059d8bc7f359fe9e02a52ec657c3e5df1c718929564c09f205e4bd299b086f3e7424141f5e55ed0d756f65ee1e8
SSDEEP: 48:6F+lni2qJfjVRPGwzCo4MhTN0KDdilETrVsH4/QWk1qyFVT2IbG:7g7KedGEiYIWM2
Score: 1/10

Target: Dragablz.dll
Size: 233KB
MD5: 5a9583a7bed76b2e94091f9b74716f68
SHA1: 60552dc4ed629b32a7c0e7b31406a21829bdc38e
SHA256: 6c5724efe19f5945143626a8270c9c3a188d4886eeaca083c57c742a985c7338
SHA512: 8ab70fd60a27a80e43a270a401e8772833ad0a11ade1ea13483b37b1a02dbb70679bbe200fceca632ee1ba8df66a95a51a2fe65671eb3ae596682d3e1ee1c0d5
SSDEEP: 6144:fTuK/5J3BPYcKHJv8ahfgfkMMafGfCfDf2fE:fKKhP+Dhfgf7fGfCfDf2f
Score: 1/10

Target: MaterialDesignColors.dll
Size: 295KB
MD5: d2207fccbdd6caa91c43776559ce401f
SHA1: 4f78f282a238b21ad1f995f154d624865d08a38a
SHA256: 1966082c8efa5ecddac7fd8b3e3b86a63599602d18bdff17e7c366d49603aaf0
SHA512: d4984e3a6d82e7ebe11c2f7ea07092e60ef1396849921c6c0a463dd9b38836c5f6799e79f932bddc62b89d7a9896b5e5ba931c3c8cbfedff51076a41796a8c0e
SSDEEP: 1536:1r1In+fq1fDfDemxD0EsXpGX0EOAyzU7fKoVxbzQXT:B1WB1PerAjOAL7fKoVxb2T
Score: 1/10

Target: MaterialDesignExtensions.dll
Size: 349KB
MD5: 6da7ae89f1eac96f143dc5200031d8b8
SHA1: d9dc3936bc9a288a727cb2295c3d05899adcc9c8
SHA256: c5b93560fa74b9a05959aae5116da59495d36782d2e17e45f0efcc06ad36ed6a
SHA512: 3929f7092a5acb5ae3333e7e0a9ac2a403b78c8c8ad35a17ece25e6688a61a0f7e4b701691b02ad2941c6e15d2262c6f8ae76413af93dc92aa422e1738147e94
SSDEEP: 6144:OM2EyV6zxDNFOzaFkpXeRk7ecDfE0MHOZB0zSvo1UvEGK262:nGVcxHOzxpuRk7emfE0MHOZB0zSvo1UJ
Score: 1/10

Target: Microsoft.Web.WebView2.Core.dll
Size: 445KB
MD5: c4b4a5f4f28d47239eb4e37cb3cc8046
SHA1: ed86941cf065f91758d536d8e13cc2542cc38922
SHA256: c2441011ec290b3408391f32072379f677ab3fa4507c4304167cd82fad6593c1
SHA512: 440ee33d5a830d9c59d96367f2a43d4a4113f6fe0924a691e682a2e9251a8615e52177dcb9af225dba538a8a3893ac85be79e9c1aa687034e3da6c95191dc645
SSDEEP: 12288:EB7Md7DkbrB3kPo+iKvRFNLe1+imQ9pRFZNIEJdIElxPrEIvLcglxMwCepM1STUH:EeFP7
Score: 1/10

Target: Microsoft.Web.WebView2.WinForms.dll
Size: 37KB
MD5: e6f424ee6036ee7d58283780b705be8c
SHA1: c17fc397711fb2e0c400007620c76e70c956dd9c
SHA256: c9eeff2dd13109f41447a92763d31aaa07369c58a570c18bbb851824a77da98a
SHA512: 1d255265115a4a2238a21e3ade35101babcbf9d5de58521365666b9564681119c4b7f20ed6a6c16fb6120ab19106fa40f25421da938b7fee7b8a5e7758f2c22f
SSDEEP: 768:ejIHFTA42CL9tcZDgcEST3p4Jjrjh2jJFSgyauYv1JKia5/Zi/WGQKVu6bL7RSOX:AIS3C5tcZDgcEST3p4JjrjaJFSgyau0H
Score: 1/10

Target: Microsoft.Web.WebView2.Wpf.dll
Size: 43KB
MD5: 0241e0a42b292e0c9b585470c613ec78
SHA1: 74e4ab7e37bff177a394617923baddfcf087c0e1
SHA256: 15bcd610a80632ef59d911a8447b11127cdeafbf147c844f1b740735efdf338a
SHA512: bd083301c6f93a1852c76686797919787f439c65ea11d430701257fa4d3791a4eff892b6ceea1c534d832bfbc0b0ecca3f671e3a9c50f34089f919e3756882f0
SSDEEP: 768:k2TI5VoCjJ4Jd7U2zkQ+Z8cDP/ryEH0yBy4JjrD1h2jVh3URGvkz7FKKa5/Bi/xm:VE5tjJ4Y2zf+Z8cDP/ryEH0yBy4JjrDC
Score: 1/10

Target: Microsoft.Xaml.Behaviors.dll
Size: 141KB
MD5: ec5a1abee150abe698689211b07cd1ec
SHA1: affc3cb47da8fe76986d271cdc3e7ea345cc04e5
SHA256: b864da9d88414877cea9b1a016146265a5fb9d0e12f4dbb1dccc0cc998119a54
SHA512: a2b55b4ffc3f11546ed8d3457e98b986c089e25229bd687da35d45d63e4860722e8b13826d3a3daa1be843cf3a4ae3da4cf9b6fdcb5d1a4948648537e683789f
SSDEEP: 3072:UAyazS96IT0O6gAf+LwCMe1u051dXcr9/soMEs5r/j9:tyhYIT0O65cwCMyE
Score: 1/10

Target: System.Diagnostics.DiagnosticSource.dll
Size: 34KB
MD5: 8d9df432109f1cfdd86723b5f171e3d7
SHA1: 85dc92edd4b0049ed9049e075c4def8a3d64e43b
SHA256: d22133818a30313e0becf010d78a556a56b34ea361dbd33588c9817631fed540
SHA512: 5c83303934eecfa61c43a071d29c98e5804d37a5dc7f7b035772d6a168b0c5e65dfabef20b46214e65493c4bda44831cafee83615498fbe9e718c884f4650edf
SSDEEP: 384:iQobG82oiaPaf/gn5LQ0+0zdQUv2CtyW8fiFISWbW9pWJbWivT1Nq0GftpBjAvnC:nA299fI5dxzL2CC11vimvnEBBNFT
Score: 1/10

Target: bin/Monaco/index.html
Size: 13KB
MD5: 8132342ce4b039603cbb3b1a32ab859b
SHA1: 66c46050a6e5b08758c00455ae26a6c66e94ce4c
SHA256: 3818906ed429acd27aabad7ec8771893d60658ea31b8d0c92418b96de8ee94e6
SHA512: 44d93118187e703af1fc1627de7e97c39072e666c9086b1b4c00a7eadce1913c84dc97e8f80e2b514154ef66b23baddbfd71a2faa250735ddf4d2bc12709cef4
SSDEEP: 192:oL3bXRggAbYm/9mv2Oxr09VpDwFgBsK7u24FzTkcmc/VT+9taAc4dReigXN:2RggAbYmbD9V9wFgBs+SFN
Score: 3/10

Target: bin/Monaco/vs/base/worker/workerMain.js
Size: 174KB
MD5: 9ce9e46b6d66d8b2dbcabba577cad2ed
SHA1: 397b0e9e7b2bee37a8444e84bb9788a0bdcb023e
SHA256: 19b566655d73370a820a7d6fffe7af03dba3af4997016c0983be5bd188603ec2
SHA512: f322ea669fa81397066edef062721ae3dd515b3d61c4ad7bef0db0eb3a53f056da298fd4f761bd3e5d613e6f5803a7c35ed056085ac3b97e06c7bfd47fffad49
SSDEEP: 1536:mi5eQeCEwCP1m9JXKmA1xKzyOQJf9X2K7eM9bWXsUK5QSkSoIMQwr+ZjtQYyeTMO:mHTdkKmA1yyOQJl2K7ns6dZ/RVaNzY
Score: 3/10

Target: bin/Monaco/vs/basic-languages/lua/autocompletes.js
Size: 2KB
MD5: eb6fde8de905af68c855a2506c8a8204
SHA1: 32b172578f398151be79f78bdeb15eeff4a83020
SHA256: 1fbe4337327ef99c9caba74678cfff28652606fd667dbca34f12e809738010d9
SHA512: 6e95ecdfbabf20c2e717006ea00fa92d79e577cf262460cef7f3db7bb4fa87585bed99b6a1bd1d865c5e5184044b0244aa0823580c9444b1f2ff013057f54235
Score: 3/10