Overview

overview

5

Static

static

3

Release.zip

windows7-x64

1

Release.zip

windows10-2004-x64

1

BetterFold...er.dll

windows7-x64

1

BetterFold...er.dll

windows10-2004-x64

1

CeleryApp.exe

windows7-x64

1

CeleryApp.exe

windows10-2004-x64

1

CeleryIn.dll

windows7-x64

1

CeleryIn.dll

windows10-2004-x64

1

CeleryInject.exe

windows7-x64

3

CeleryInject.exe

windows10-2004-x64

5

CeleryLaun...g.json

windows7-x64

3

CeleryLaun...g.json

windows10-2004-x64

3

CeleryLogo.ico

windows7-x64

3

CeleryLogo.ico

windows10-2004-x64

3

CeleryLogo.png

windows7-x64

3

CeleryLogo.png

windows10-2004-x64

3

CeleryScript.bin

windows7-x64

3

CeleryScript.bin

windows10-2004-x64

3

Costura.dll

windows7-x64

1

Costura.dll

windows10-2004-x64

1

Dragablz.dll

windows7-x64

1

Dragablz.dll

windows10-2004-x64

1

MaterialDe...rs.dll

windows7-x64

1

MaterialDe...rs.dll

windows10-2004-x64

1

MaterialDe...ns.dll

windows7-x64

1

MaterialDe...ns.dll

windows10-2004-x64

1

Microsoft....re.dll

windows7-x64

1

Microsoft....re.dll

windows10-2004-x64

1

Microsoft....ms.dll

windows7-x64

1

Microsoft....ms.dll

windows10-2004-x64

1

Microsoft....pf.dll

windows7-x64

1

Microsoft....pf.dll

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Release.zip

  • Size

    9.1MB

  • Sample

    240807-rkh4lszbrn

  • MD5

    39f94b3934c37e20ad404840281d10ce

  • SHA1

    537841ac93567cd0a4ac2494197341208df76442

  • SHA256

    7643f989a6b22411ac72a4c17ae5ddee007440bd794d1d3be416bb5b45b53f9b

  • SHA512

    a63726c804a3772d49c2111fb18130762c9db6b3bedd8c07a064c1d33a2e0a2ca76e55351102993abe8d9d6758c217ed0eb8af4526ab86fa8ad0c8b93ad1a296

  • SSDEEP

    196608:Jy/QEcnNVmUhiF5sBio1UOQi9dq9ogl8fR60r:n1M5sb6ekSglMR60r

Score
5/10
discovery

Malware Config

Targets

    • Target

      Release.zip

    • Size

      9.1MB

    • MD5

      39f94b3934c37e20ad404840281d10ce

    • SHA1

      537841ac93567cd0a4ac2494197341208df76442

    • SHA256

      7643f989a6b22411ac72a4c17ae5ddee007440bd794d1d3be416bb5b45b53f9b

    • SHA512

      a63726c804a3772d49c2111fb18130762c9db6b3bedd8c07a064c1d33a2e0a2ca76e55351102993abe8d9d6758c217ed0eb8af4526ab86fa8ad0c8b93ad1a296

    • SSDEEP

      196608:Jy/QEcnNVmUhiF5sBio1UOQi9dq9ogl8fR60r:n1M5sb6ekSglMR60r

    Score
    1/10
    behavioral1behavioral2

    • Target

      BetterFolderBrowser.dll

    • Size

      12KB

    • MD5

      fff67e7d52b58a11d456a1d5cd2ba294

    • SHA1

      6dea84a0a060c39c93b1e3f404270c039d3dbfdd

    • SHA256

      5334c9c4eb567a89e4644df868d7fb6e242a3ea422b2ce9283843970ec756372

    • SHA512

      fc8cc5fbc624559e03e70c48bd4e6e4595b1784fdf2c258b33ddb3410bdd93dcf26f3b5db4e4d0d8f133e8df93fe95ab93a703efa92a0a4133f57f48ebd6ea74

    • SSDEEP

      192:2ZPVABalnP/VYkWdcHIp3RgzK/RGLHdnKuWGIBC0p++kVX805N9:2ABk1W4Ip3ez4RoF2+bR805N9

    Score
    1/10
    behavioral3behavioral4

    • Target

      CeleryApp.exe

    • Size

      8.8MB

    • MD5

      74c366b46a85acac6c83e9671e64dda7

    • SHA1

      dc9a7b4cc7511b701401aa86e0106d3495e3a0fe

    • SHA256

      6a25cc6c05e54ca56e8b51d2b2bd8b9a17a96ecb1d1f6d4442d36378dc809ed1

    • SHA512

      e0df64a74c3c9e1c36f5957d346d961cc92741b1803e05d41454dde4371a0e9420f9e79163bed9fe2d8b588b9da6f2faaa08003ca50be37a6425a8320acd15cb

    • SSDEEP

      98304:wEgLIRfyC7egWJ3iJzdjf4fwraOWcD9XdMPABIw/t6KHDicVwzUs7:wEguhegD4fJOWs9XNBZ16M2cuU

    Score
    1/10
    behavioral5behavioral6

    • Target

      CeleryIn.bin

    • Size

      44KB

    • MD5

      2682352886b9de7763dd637ff940ef97

    • SHA1

      6df1516ed9f1084bd0e7b217996353afa3babb98

    • SHA256

      eab4356a735f604b31f493f2c9f0f98448ebc2671825e348145609fed6e927e4

    • SHA512

      0799a9d1126b444992638bb16e62726d7d49753d74845114f0076fb5d1e7159c83d0f7e62a1a80a9b034a59529ef73b0fd7acfdccc754cc9c3cfd1984ae4ec3c

    • SSDEEP

      384:rVdzew6q0MEe7Tc8cZO1D9WDPAULcRUSoTYVJa51xoVMmA2QdwB5bh1r:5YiXFcZkRcZJTYVJanUNA2jj

    Score
    1/10
    behavioral7behavioral8

    • Target

      CeleryInject.exe

    • Size

      5.0MB

    • MD5

      a219324612da6da115423f2118ed7d60

    • SHA1

      e25653239651637604e1b6e65fdd719aee2917ec

    • SHA256

      b3f9cdae756e9cf1f5b8a823648395ed68d82c6a62d606fd0c6eb9a0be10d51f

    • SHA512

      9958ca39f43c7754e6a5586e5cb1a40963a4ec9db898051c327198c31708beb067944d1581355f2bb04e69de62e69de8a6a708213d60d571f74c112b3d489187

    • SSDEEP

      49152:HBAPhbBL8IjBDC0J0S27DGjyclWb53PppOPxjfsRdn6dnndn+dnT0Uf:HnIRZJ

    Score
    5/10
    discovery

    • Drops file in System32 directory

    behavioral10behavioral9

    • Target

      CeleryLauncher.runtimeconfig.json

    • Size

      372B

    • MD5

      d94cf983fba9ab1bb8a6cb3ad4a48f50

    • SHA1

      04855d8b7a76b7ec74633043ef9986d4500ca63c

    • SHA256

      1eca0f0c70070aa83bb609e4b749b26dcb4409784326032726394722224a098a

    • SHA512

      09a9667d4f4622817116c8bc27d3d481d5d160380a2e19b8944bdd1271a83f718415ce5e6d66e82e36819e575ec1b55f19c45213e0013b877b8d61e6feb9d998

    Score
    3/10
    discovery
    behavioral11behavioral12

    • Target

      CeleryLogo.ico

    • Size

      4KB

    • MD5

      3246befa41923904f2963da9b19c2dd7

    • SHA1

      fdfec504286148eb258e87298df30fac0e1cb606

    • SHA256

      eabe2efbb4f11ff62c0fd16f8aa5e932a52d8f0603226b8b8320e00335bda70b

    • SHA512

      7e234fb730c67e233cac775feb793376fcd9a9548025867ffbf9420398fccc72287bc39162cdacfba6b43613fa54695a1c0b8a14b45f6a381959d3e4cb728185

    • SSDEEP

      48:4MR4sNF78zZHhU2fjhzoivJxBx9thQPvsFwz10C6u4N2y+AIXanZ2xuxh+7P:HmM8/WijFtYaQ0juXj/y56P

    Score
    3/10
    behavioral13behavioral14

    • Target

      CeleryLogo.png

    • Size

      14KB

    • MD5

      bac9347d28295cb29b8be12e770fadec

    • SHA1

      b2c6c46fea41e95e983dde4c4a215ea9ed2f447c

    • SHA256

      bdaaba382b0884c9e3416fd5d0d3d6024e3a8f8ecc89e218aa36bc914ebe9114

    • SHA512

      2726fe9f8d6b406aac086ac0c38c613413d648f0501fcaf14a9d97d8804e0089ac38f7c53b5077c287ddcd71043c4b2fb9fd8266c27bb0b51bccdcf7f9e495fc

    • SSDEEP

      384:Z44yCiwSneFfrIOKB2nFg7+c52PkjTtKsDgtE8NIHRAe:x6Cf/KUF45PjEsS6ye

    Score
    3/10
    behavioral15behavioral16

    • Target

      CeleryScript.bin

    • Size

      225KB

    • MD5

      cce7a3e2723d9f568952e5cf57c02171

    • SHA1

      646a1558aebfdff7eb3d3b9df6df4560848c171b

    • SHA256

      3903081514fec9c72cb33e4bbfb61986a67555deb1eb90ba82d3b46785454654

    • SHA512

      6dd8989e3d331f4b20c1594fc9b151292da193476eb181d8aea588944b402430d680da78f13451b84b3eccd77c2db80952d0add2baa08c89a8d1600d54292154

    • SSDEEP

      1536:LIwV7Al+RN0OzMa7Ja015BDEDD/p3sPH/tjuubLE9r8ZpZ+cstSMaiOMyg6lp3NK:0wODDR3sP1SubLE9oXMcstSTiOMy1dK

    Score
    3/10
    discovery
    behavioral17behavioral18

    • Target

      Costura.dll

    • Size

      4KB

    • MD5

      501981c7fc457d59238eb99780efb615

    • SHA1

      f1f25c01f6acf33bdd62c4f82d3ef078e76f0906

    • SHA256

      41bb464ac7c0d192641077e44a59d7d89860c3c620a59961f2fc4a4be47deae3

    • SHA512

      5921d0662add6c8aa075106878cc56335ccbf059d8bc7f359fe9e02a52ec657c3e5df1c718929564c09f205e4bd299b086f3e7424141f5e55ed0d756f65ee1e8

    • SSDEEP

      48:6F+lni2qJfjVRPGwzCo4MhTN0KDdilETrVsH4/QWk1qyFVT2IbG:7g7KedGEiYIWM2

    Score
    1/10
    behavioral19behavioral20

    • Target

      Dragablz.dll

    • Size

      233KB

    • MD5

      5a9583a7bed76b2e94091f9b74716f68

    • SHA1

      60552dc4ed629b32a7c0e7b31406a21829bdc38e

    • SHA256

      6c5724efe19f5945143626a8270c9c3a188d4886eeaca083c57c742a985c7338

    • SHA512

      8ab70fd60a27a80e43a270a401e8772833ad0a11ade1ea13483b37b1a02dbb70679bbe200fceca632ee1ba8df66a95a51a2fe65671eb3ae596682d3e1ee1c0d5

    • SSDEEP

      6144:fTuK/5J3BPYcKHJv8ahfgfkMMafGfCfDf2fE:fKKhP+Dhfgf7fGfCfDf2f

    Score
    1/10
    behavioral21behavioral22

    • Target

      MaterialDesignColors.dll

    • Size

      295KB

    • MD5

      d2207fccbdd6caa91c43776559ce401f

    • SHA1

      4f78f282a238b21ad1f995f154d624865d08a38a

    • SHA256

      1966082c8efa5ecddac7fd8b3e3b86a63599602d18bdff17e7c366d49603aaf0

    • SHA512

      d4984e3a6d82e7ebe11c2f7ea07092e60ef1396849921c6c0a463dd9b38836c5f6799e79f932bddc62b89d7a9896b5e5ba931c3c8cbfedff51076a41796a8c0e

    • SSDEEP

      1536:1r1In+fq1fDfDemxD0EsXpGX0EOAyzU7fKoVxbzQXT:B1WB1PerAjOAL7fKoVxb2T

    Score
    1/10
    behavioral23behavioral24

    • Target

      MaterialDesignExtensions.dll

    • Size

      349KB

    • MD5

      6da7ae89f1eac96f143dc5200031d8b8

    • SHA1

      d9dc3936bc9a288a727cb2295c3d05899adcc9c8

    • SHA256

      c5b93560fa74b9a05959aae5116da59495d36782d2e17e45f0efcc06ad36ed6a

    • SHA512

      3929f7092a5acb5ae3333e7e0a9ac2a403b78c8c8ad35a17ece25e6688a61a0f7e4b701691b02ad2941c6e15d2262c6f8ae76413af93dc92aa422e1738147e94

    • SSDEEP

      6144:OM2EyV6zxDNFOzaFkpXeRk7ecDfE0MHOZB0zSvo1UvEGK262:nGVcxHOzxpuRk7emfE0MHOZB0zSvo1UJ

    Score
    1/10
    behavioral25behavioral26

    • Target

      Microsoft.Web.WebView2.Core.dll

    • Size

      445KB

    • MD5

      c4b4a5f4f28d47239eb4e37cb3cc8046

    • SHA1

      ed86941cf065f91758d536d8e13cc2542cc38922

    • SHA256

      c2441011ec290b3408391f32072379f677ab3fa4507c4304167cd82fad6593c1

    • SHA512

      440ee33d5a830d9c59d96367f2a43d4a4113f6fe0924a691e682a2e9251a8615e52177dcb9af225dba538a8a3893ac85be79e9c1aa687034e3da6c95191dc645

    • SSDEEP

      12288:EB7Md7DkbrB3kPo+iKvRFNLe1+imQ9pRFZNIEJdIElxPrEIvLcglxMwCepM1STUH:EeFP7

    Score
    1/10
    behavioral27behavioral28

    • Target

      Microsoft.Web.WebView2.WinForms.dll

    • Size

      37KB

    • MD5

      e6f424ee6036ee7d58283780b705be8c

    • SHA1

      c17fc397711fb2e0c400007620c76e70c956dd9c

    • SHA256

      c9eeff2dd13109f41447a92763d31aaa07369c58a570c18bbb851824a77da98a

    • SHA512

      1d255265115a4a2238a21e3ade35101babcbf9d5de58521365666b9564681119c4b7f20ed6a6c16fb6120ab19106fa40f25421da938b7fee7b8a5e7758f2c22f

    • SSDEEP

      768:ejIHFTA42CL9tcZDgcEST3p4Jjrjh2jJFSgyauYv1JKia5/Zi/WGQKVu6bL7RSOX:AIS3C5tcZDgcEST3p4JjrjaJFSgyau0H

    Score
    1/10
    behavioral29behavioral30

    • Target

      Microsoft.Web.WebView2.Wpf.dll

    • Size

      43KB

    • MD5

      0241e0a42b292e0c9b585470c613ec78

    • SHA1

      74e4ab7e37bff177a394617923baddfcf087c0e1

    • SHA256

      15bcd610a80632ef59d911a8447b11127cdeafbf147c844f1b740735efdf338a

    • SHA512

      bd083301c6f93a1852c76686797919787f439c65ea11d430701257fa4d3791a4eff892b6ceea1c534d832bfbc0b0ecca3f671e3a9c50f34089f919e3756882f0

    • SSDEEP

      768:k2TI5VoCjJ4Jd7U2zkQ+Z8cDP/ryEH0yBy4JjrD1h2jVh3URGvkz7FKKa5/Bi/xm:VE5tjJ4Y2zf+Z8cDP/ryEH0yBy4JjrDC

    Score
    1/10
    behavioral31behavioral32

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

Score
1/10

behavioral2

Score
1/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

discovery
Score
3/10

behavioral10

discovery
Score
5/10

behavioral11

discovery
Score
3/10

behavioral12

Score
3/10

behavioral13

Score
3/10

behavioral14

Score
3/10

behavioral15

Score
3/10

behavioral16

Score
3/10

behavioral17

discovery
Score
3/10

behavioral18

Score
3/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10