General

  • Target: CeleryPaid.exe
  • Size: 84KB
  • MD5: d8ddfe689db5aa55038f2a6901bc4129
  • SHA1: 1aa8014aa025d9c664607d8dc382ff519e8f3597
  • SHA256: a81247dc7f17c060fd6b4a9b4610f43a091c03ad29d2fa1ca33123f24b94a9f6
  • SHA512: c5e949107c6dd6715f8a53dbdcadd655f122d1e707a091a4eed949bae9a0d14d1fbb4ae29905ab45315a5bd707dc1225fafccb3b0d5cef98859b38ffcfd306bc
  • SSDEEP: 1536:7uUTVTwA4M2a6jK8rICGOMbCFNiLQPJPUGdRPkZb48nZYc6fFyo+O13y0FT4DRuT:7uURTwA4M2ZjK8rICzMbCF/ZUGMbpmco

Score: 10/10

Malware Config

Extracted

  • Family: asyncrat
  • Version: 0.5.8
  • Botnet: Default
  • C2:
      193.161.193.99:6606
      193.161.193.99:7707
      193.161.193.99:8808
      193.161.193.99:8000
      193.161.193.99:1194
      193.161.193.99:39886
      193.161.193.99:41111
  • Mutex: 4t5F44SITrns
  • Attributes:
      delay: 3
      install: true
      install_file: CeleryPaid.exe
      install_folder: %AppData%
  • aes.plain

Signatures

  • Async RAT payload (1 IoC)
  • Asyncrat family
  • Unsigned PE (1 IoC): checks for missing Authenticode signature.

Files

  • CeleryPaid.exe
    .exe windows:4 windows x86 arch:x86
    f34d5f2d4577ed6d9ceec516c1f5a744