Resubmissions

  • 06-10-2024 21:14: 241006-z3jrvszhka (score 10/10)
  • 06-10-2024 21:12: 241006-z2bd4awdlj (score 10/10)

General

  • Target

    celerysetup.exe

  • Size

    7.6MB

  • Sample

    241006-z3jrvszhka

  • MD5

    bcc4c5c4f3e9d8e5c12a4b156766f117

  • SHA1

    f85e013c8bbad32e8f54f99382b80f71adb79130

  • SHA256

    4dbf6c6b281c6841b734e685cfa02d0eca8470e6470193baff6458deff269a99

  • SHA512

    6e7dafce0fa29f65753e8932a24fbe44c1caa498730ffed6dd9649395bf0db33fffecb404a6a92e9f26d65df57d9ed58aa86d533b462f0035b600e12daafddc0

  • SSDEEP

    196608:k3+sxfkRrLvjurErvI9pWjgU1DEzx7sKL/s1tekAW5kCU79aUXgH:yXxfezurEUWjhEhn01tjer0Kc

Targets

    • Target

      celerysetup.exe

    • Size

      7.6MB

    • Command and Scripting Interpreter: PowerShell

      Launches powershell.exe to run commands.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser profile data, which can include saved credentials.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files on disk.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

    • UPX packed file

      The executable is packed with UPX or a modified build of the open-source UPX packer.

    • Target

      �M@1g��.pyc

    • Size

      1KB

    • MD5

      d81ba7b270d65930c23b9d3e6dafe159

    • SHA1

      24b4e6ba536d18d30c62c25025128945fda9c517

    • SHA256

      e739a80d60150ffbdf9c7ddf63b65012ae4d31754223d48f8893084d97bbb8de

    • SHA512

      03c22724cf83dd7205e5ac9336054dd08b19749e163ae3b49f5ce89120e3aa2b0bc508e93360ae91f718f20a852cb366ec0f363e0f0e13a250a22a1c7d55be25

    Score
    1/10

MITRE ATT&CK Enterprise v15