Resubmissions

  • 09/09/2024, 01:03 – 240909-beeagawgpg (score 3)
  • 09/09/2024, 00:50 – 240909-a7crnstdnl (score 10)

General

  • Target: CeleryAPI.dll
  • Size: 21KB
  • Sample: 240909-a7crnstdnl
  • MD5: 99a217bdc8c685c3b0a319d9ea8a14db
  • SHA1: 4033ddd18b8050575fdc6c59476469e681c6a5d2
  • SHA256: 77d28d642ae0933ae522351fdb0b610045bbbf7911cfc8d8febbdea981a4ca19
  • SHA512: 2675b79714d748339bc041508c4ace30ea5a19e931f1b85ca3010e2642e3859c5089763a54346d02da7788b8daa3500664b3e471be63c5c6282e242272a8bdf5
  • SSDEEP: 384:V5hMn/3zqAaomvdkf0azg5mnUXHU6BV7rFY+EJs325Kc:I/zBCClNUX0e7Z835n

Score: 10/10

Malware Config

Extracted
  • Language: ps1
  • Deobfuscated
  • URLs (ps1.dropper): https://community.chocolatey.org/install.ps1

Targets

    • Target: CeleryAPI.dll
    • Size: 21KB
    • MD5: 99a217bdc8c685c3b0a319d9ea8a14db
    • SHA1: 4033ddd18b8050575fdc6c59476469e681c6a5d2
    • SHA256: 77d28d642ae0933ae522351fdb0b610045bbbf7911cfc8d8febbdea981a4ca19
    • SHA512: 2675b79714d748339bc041508c4ace30ea5a19e931f1b85ca3010e2642e3859c5089763a54346d02da7788b8daa3500664b3e471be63c5c6282e242272a8bdf5
    • SSDEEP: 384:V5hMn/3zqAaomvdkf0azg5mnUXHU6BV7rFY+EJs325Kc:I/zBCClNUX0e7Z835n

    Score: 10/10

    Signatures
    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

MITRE ATT&CK Enterprise v15

Tasks