General
-
Target
Celery.exe
-
Size
17.8MB
-
Sample
241027-zsy4ssznew
-
MD5
9456cbd8d57d7a61d899aae79b5ee862
-
SHA1
42135056c2f963cb94edeaac23f7c0eed1cde6b3
-
SHA256
24e427fe676e2b9ca98c7fc0179ed4c8ee058500072ad645d554ffeb2f072ab6
-
SHA512
c71030da342ba2c8d589c3f93e71c54d4578a16587787e0b4b3d97bf5a9bd6c49d282b117f695d27b3438f3affe5fc715cc5f587e6c3e679ea125c0cbfe2c057
-
SSDEEP
393216:2qPnLFXlrPmQ8DOETgsvfGF0gK8mvE9cUSdOibq:bPLFXNOQhEtdqFSde
Behavioral task
behavioral1
Sample
Celery.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
Celery.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
Celery.exe
-
Size
17.8MB
-
MD5
9456cbd8d57d7a61d899aae79b5ee862
-
SHA1
42135056c2f963cb94edeaac23f7c0eed1cde6b3
-
SHA256
24e427fe676e2b9ca98c7fc0179ed4c8ee058500072ad645d554ffeb2f072ab6
-
SHA512
c71030da342ba2c8d589c3f93e71c54d4578a16587787e0b4b3d97bf5a9bd6c49d282b117f695d27b3438f3affe5fc715cc5f587e6c3e679ea125c0cbfe2c057
-
SSDEEP
393216:2qPnLFXlrPmQ8DOETgsvfGF0gK8mvE9cUSdOibq:bPLFXNOQhEtdqFSde
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Netsh Helper DLL
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1