Resubmissions

  • 07/10/2024, 00:00
    241007-aaf3tsxdma (score 10)

  • 06/10/2024, 23:57
    241006-3zlzlaxcma (score 10)

General

  • Target

    celerysetup.zip

  • Size

    7.4MB

  • Sample

    241006-3zlzlaxcma

  • MD5

    88e5fc3debcf806c790223809892d5db

  • SHA1

    301e3023bc8f950d54fdb55c0c22376615b6f81b

  • SHA256

    924b383b04c68017160a9c7e321eff265840987fb23c140a15c74033bd2b2032

  • SHA512

    0de456cf8747830f0d516b14ef91c2612dadcf0156f703a23eff4f3167682d48e47d62d6decfc28bace428ffbd85d7cf2421d18100a79b1d45c9f99d25d4da25

  • SSDEEP

    196608:6ooxZ8fBQxQxtIz5WtWwUFD0rT/a0yuwzI1tIkIW5AW6jt/pUR:6HxZ6QxQQ0tWR0HVws1t1uV/Q

Malware Config

Targets

    • Target

      celerysetup.exe

    • Size

      7.6MB

    • MD5

      bcc4c5c4f3e9d8e5c12a4b156766f117

    • SHA1

      f85e013c8bbad32e8f54f99382b80f71adb79130

    • SHA256

      4dbf6c6b281c6841b734e685cfa02d0eca8470e6470193baff6458deff269a99

    • SHA512

      6e7dafce0fa29f65753e8932a24fbe44c1caa498730ffed6dd9649395bf0db33fffecb404a6a92e9f26d65df57d9ed58aa86d533b462f0035b600e12daafddc0

    • SSDEEP

      196608:k3+sxfkRrLvjurErvI9pWjgU1DEzx7sKL/s1tekAW5kCU79aUXgH:yXxfezurEUWjhEhn01tjer0Kc

    • Command and Scripting Interpreter: PowerShell

      Executes commands through powershell.exe.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data such as saved credentials and cookies.

    • Unsecured Credentials: Credentials In Files

      Steals credentials stored in unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with UPX, or with a modified build of the open-source UPX packer.
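The "UPX packed file" signature is a header heuristic, and it is worth seeing exactly what it keys on before trusting it either way. The following is an added example written for this page (it is not tria.ge's signature code and does not touch the sample above): it walks the PE headers by hand to read the section names and checks for the stock UPX indicators, and it includes a constructed minimal PE fixture (`build_pe`, an assumption for illustration) so it runs without the sample.

```python
import struct
import sys

# Offsets from the PE/COFF spec: IMAGE_FILE_HEADER is 20 bytes and each
# IMAGE_SECTION_HEADER is 40 bytes beginning with an 8-byte name.
COFF_SIZE = 20
SECTION_SIZE = 40
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def section_names(data):
    """Return the section names of a PE image, touching only the headers needed."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off, = struct.unpack_from("<I", data, 0x3C)            # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    nsections, = struct.unpack_from("<H", data, pe_off + 6)    # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, pe_off + 20)    # SizeOfOptionalHeader
    table = pe_off + 4 + COFF_SIZE + opt_size                  # start of section table
    names = []
    for i in range(nsections):
        raw = data[table + i * SECTION_SIZE: table + i * SECTION_SIZE + 8]
        if len(raw) < 8:
            raise ValueError("section table truncated")
        names.append(raw.rstrip(b"\x00"))
    return names


def looks_upx_packed(data):
    """The 'UPX packed file' heuristic: UPX-named sections or the 'UPX!' marker.

    Both indicators are trivial to strip or rename, so a False here is not
    evidence of an unpacked binary; check section entropy as well.
    """
    if set(section_names(data)) & UPX_SECTION_NAMES:
        return True
    # Stock UPX writes its l_info header (magic 'UPX!') shortly after the section table.
    return b"UPX!" in data[:0x1000]


def build_pe(names):
    """Constructed minimal PE fixture for this example (not the report's sample):
    MZ stub, PE signature, COFF header with no optional header, section table."""
    pe_off = 0x80
    dos = bytearray(b"MZ" + b"\x00" * (pe_off - 2))
    struct.pack_into("<I", dos, 0x3C, pe_off)
    # Machine=i386, NumberOfSections, 3 zero fields, SizeOfOptionalHeader=0, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, 0, 0x102)
    table = b"".join(n.ljust(8, b"\x00") + b"\x00" * (SECTION_SIZE - 8) for n in names)
    return bytes(dos) + b"PE\x00\x00" + coff + table


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else None
    data = open(path, "rb").read() if path else build_pe([b"UPX0", b"UPX1", b".rsrc"])
    print("sections:", [n.decode("ascii", "replace") for n in section_names(data)])
    print("UPX indicators present:", looks_upx_packed(data))
```

Run it with a file path to inspect a real binary, or with no arguments to see the fixture trigger. A modified UPX build that renames UPX0/UPX1 and blanks the `UPX!` marker passes this check while remaining packed, which is why sandboxes pair the header heuristic with entropy and unpacking attempts.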

MITRE ATT&CK Enterprise v15
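The behaviours listed under Targets are the kind of findings a SOC turns into hunting logic against its own endpoint telemetry. The following is an added example, not code from tria.ge and not an export of this report's ATT&CK mapping: it replays constructed Sysmon-style events (labelled as such in the code, with invented paths and a benign decoy) through rules for PowerShell spawned from a user-writable directory, tasklist enumeration, browser credential-store and wallet file reads, external IP lookups, and a stateful "executes dropped EXE" correlation. The ATT&CK technique IDs used as labels (T1059.001, T1057, T1555.003, T1552.001, T1016) are my own mapping of those behaviours; the "dropped-exe" label is local because that finding is a correlation rather than one technique.

```python
import re

# Constructed endpoint telemetry in a Sysmon-like shape, written for this
# example and NOT taken from the report above: an installer in %TEMP% drops and
# runs a second executable, which spawns PowerShell, runs tasklist, reads a
# browser credential store and a wallet file, and asks a public service for its
# external IP. The final svchost event is benign noise that must not match.
TEMP = r"C:\Users\bob\AppData\Local\Temp"
DROPPER = TEMP + r"\setup.exe"
STAGE2 = TEMP + r"\stage2.exe"
SAMPLE_EVENTS = [
    {"kind": "process", "image": DROPPER, "parent": r"C:\Windows\explorer.exe"},
    {"kind": "file_create", "image": DROPPER, "path": STAGE2},
    {"kind": "process", "image": STAGE2, "parent": DROPPER},
    {"kind": "process", "parent": STAGE2,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"kind": "process", "image": r"C:\Windows\System32\tasklist.exe", "parent": STAGE2},
    {"kind": "file_read", "image": STAGE2,
     "path": r"C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"kind": "file_read", "image": STAGE2,
     "path": r"C:\Users\bob\AppData\Roaming\Exodus\exodus.wallet\seed.seco"},
    {"kind": "network", "image": STAGE2, "host": "api.ipify.org", "port": 443},
    {"kind": "network", "image": r"C:\Windows\System32\svchost.exe",
     "host": "ctldl.windowsupdate.com", "port": 80},
]

# Paths and hosts the rules key on (illustrative lists, extend for your estate).
USER_WRITABLE = re.compile(r"\\(AppData\\Local\\Temp|Users\\Public|ProgramData)\\", re.I)
BROWSER_STORES = re.compile(
    r"\\(Login Data|Web Data|Local State|cookies\.sqlite|logins\.json|key4\.db)$", re.I)
WALLET_PATHS = re.compile(r"\\(wallet\.dat|Exodus|Electrum|Ethereum\\keystore)(\\|$)", re.I)
IP_LOOKUP_HOSTS = {"api.ipify.org", "ifconfig.me", "icanhazip.com", "ip-api.com",
                   "checkip.amazonaws.com"}


def image_is(ev, name):
    return ev.get("image", "").lower().endswith("\\" + name)


# (label, description, predicate over a single event)
STATELESS_RULES = [
    ("T1059.001", "PowerShell spawned by a process running from a user-writable directory",
     lambda ev: ev["kind"] == "process" and image_is(ev, "powershell.exe")
     and USER_WRITABLE.search(ev["parent"]) is not None),
    ("T1057", "Process enumeration with tasklist",
     lambda ev: ev["kind"] == "process" and image_is(ev, "tasklist.exe")),
    ("T1555.003", "Read of a browser credential or cookie store",
     lambda ev: ev["kind"] == "file_read" and BROWSER_STORES.search(ev["path"]) is not None),
    ("T1552.001", "Read of cryptocurrency wallet files",
     lambda ev: ev["kind"] == "file_read" and WALLET_PATHS.search(ev["path"]) is not None),
    ("T1016", "External IP lookup via a public web service",
     lambda ev: ev["kind"] == "network" and ev["host"].lower() in IP_LOOKUP_HOSTS),
]


def triage(events):
    """Replay events in order; return {label: set(images that triggered it)}."""
    hits = {}
    dropped = set()  # paths written by any observed process so far
    for ev in events:
        if ev["kind"] == "file_create":
            dropped.add(ev["path"].lower())
        elif ev["kind"] == "process" and ev["image"].lower() in dropped:
            # Stateful correlation: a process image we earlier saw being written.
            hits.setdefault("dropped-exe", set()).add(ev["image"])
        for label, _desc, pred in STATELESS_RULES:
            if pred(ev):
                hits.setdefault(label, set()).add(ev["image"])
    return hits


if __name__ == "__main__":
    for label, images in sorted(triage(SAMPLE_EVENTS).items()):
        print(label, sorted(images))
```

The PowerShell rule deliberately conditions on the parent's location rather than on powershell.exe alone, since bare PowerShell execution is far too common to alert on; expect legitimate installers that run from %TEMP% to trip it, and tune with publisher or hash allow-lists rather than by dropping the parent check.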

Tasks