Resubmissions

  • 29-10-2024 01:58  241029-cd9weszpb1  score 10
  • 29-10-2024 01:56  241029-cc3eyszngr  score 10
  • 29-10-2024 01:55  241029-cb6qzsznfn  score 10
  • 27-10-2024 20:59  241027-zsy4ssznew  score 10

General

  • Target

    Celery.exe

  • Size

    17.8MB

  • Sample

    241027-zsy4ssznew

  • MD5

    9456cbd8d57d7a61d899aae79b5ee862

  • SHA1

    42135056c2f963cb94edeaac23f7c0eed1cde6b3

  • SHA256

    24e427fe676e2b9ca98c7fc0179ed4c8ee058500072ad645d554ffeb2f072ab6

  • SHA512

    c71030da342ba2c8d589c3f93e71c54d4578a16587787e0b4b3d97bf5a9bd6c49d282b117f695d27b3438f3affe5fc715cc5f587e6c3e679ea125c0cbfe2c057

  • SSDEEP

    393216:2qPnLFXlrPmQ8DOETgsvfGF0gK8mvE9cUSdOibq:bPLFXNOQhEtdqFSde

Malware Config

Targets

    • Target

      Celery.exe

    • Size

      17.8MB

    • MD5

      9456cbd8d57d7a61d899aae79b5ee862

    • SHA1

      42135056c2f963cb94edeaac23f7c0eed1cde6b3

    • SHA256

      24e427fe676e2b9ca98c7fc0179ed4c8ee058500072ad645d554ffeb2f072ab6

    • SHA512

      c71030da342ba2c8d589c3f93e71c54d4578a16587787e0b4b3d97bf5a9bd6c49d282b117f695d27b3438f3affe5fc715cc5f587e6c3e679ea125c0cbfe2c057

    • SSDEEP

      393216:2qPnLFXlrPmQ8DOETgsvfGF0gK8mvE9cUSdOibq:bPLFXNOQhEtdqFSde

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser data such as saved credentials, cookies and autofill entries.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.
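The signatures above are behavioural rules the sandbox evaluated against this sample. The following is an added example, not code from the report or from the sandbox vendor, showing plain-Python versions of the same kinds of checks: dynamic rules over a constructed event stream (dropped-DLL load, browser credential store reads, Run-key persistence, external-IP lookup, abused hosting service) and a static UPX check that walks the PE section table. The event log, the host lists and the PE bytes are all constructed or assumed for the demo; none of it is taken from Celery.exe.

```python
"""Added example, not part of the sandbox report: plain-Python versions of the
kinds of checks behind the behaviour signatures listed above. The event log and
the PE bytes are constructed for the demo; none of it comes from Celery.exe."""
import re
import struct
from urllib.parse import urlparse

# Constructed sandbox-style event stream: (event_type, detail). Not real data.
SAMPLE_EVENTS = [
    ("file_write", r"C:\Users\victim\AppData\Local\Temp\_MEI12345\python312.dll"),
    ("dll_load",   r"C:\Users\victim\AppData\Local\Temp\_MEI12345\python312.dll"),
    ("dll_load",   r"C:\Windows\System32\kernel32.dll"),
    ("file_read",  r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    ("file_read",  r"C:\Users\victim\AppData\Roaming\Mozilla\Firefox\Profiles\abcd1234.default-release\logins.json"),
    ("reg_set",    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Celery"),
    ("http",       "http://api.ipify.org/"),
    ("http",       "https://discord.com/api/webhooks/000000/constructed-token"),
]

# Browser credential/cookie stores (Chromium family and Firefox).
BROWSER_DATA = re.compile(
    r"\\(User Data\\[^\\]+\\(Login Data|Cookies|Web Data)"
    r"|Firefox\\Profiles\\[^\\]+\\(logins\.json|key4\.db|cookies\.sqlite))$",
    re.I,
)
# Per-user and machine-wide autostart keys.
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
# Public "what is my IP" services commonly contacted by stealers (assumed list).
IP_LOOKUP_HOSTS = {"api.ipify.org", "ifconfig.me", "icanhazip.com", "ip-api.com", "checkip.amazonaws.com"}
# Legitimate services frequently abused for payload hosting or exfiltration (assumed list).
ABUSED_HOSTING = {"discord.com", "cdn.discordapp.com", "pastebin.com", "raw.githubusercontent.com", "transfer.sh"}


def match_signatures(events):
    """Return the sorted signature names triggered by an event stream."""
    hits, dropped = set(), set()
    for kind, detail in events:
        if kind == "file_write":
            dropped.add(detail.lower())          # remember what the sample wrote to disk
        elif kind == "dll_load" and detail.lower() in dropped:
            hits.add("Loads dropped DLL")        # a DLL it wrote, then loaded
        elif kind == "file_read" and BROWSER_DATA.search(detail):
            hits.add("Reads user/profile data of web browsers")
        elif kind == "reg_set" and RUN_KEY.search(detail):
            hits.add("Adds Run key to start application")
        elif kind == "http":
            host = (urlparse(detail).hostname or "").lower()
            if host in IP_LOOKUP_HOSTS:
                hits.add("Looks up external IP address via web service")
            if host in ABUSED_HOSTING:
                hits.add("Legitimate hosting services abused for malware hosting/C2")
    return sorted(hits)


def pe_section_names(data):
    """Walk the MZ/PE headers and return the section names (no third-party PE library)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_size            # section table follows the optional header
    names = []
    for i in range(num_sections):
        raw = data[table + 40 * i: table + 40 * i + 8]
        names.append(raw.rstrip(b"\0").decode("latin-1"))
    return names


def looks_upx_packed(data):
    """Heuristic: UPX0/UPX1 section names or the 'UPX!' marker. Modified UPX
    builds rename both, so treat a negative result as inconclusive."""
    by_name = any(n.upper().startswith("UPX") for n in pe_section_names(data))
    return by_name or b"UPX!" in data[:0x400]


def build_pe(section_names):
    """Construct a minimal, non-runnable PE32 header with the given sections (demo input)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)      # e_lfanew = 0x40
    opt_size = 0xE0                                              # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x102)
    optional = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)
    sections = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + optional + sections


def report(events, pe_bytes):
    """Combine the dynamic and static checks into one signature list."""
    hits = match_signatures(events)
    if looks_upx_packed(pe_bytes):
        hits.append("UPX packed file")
    return sorted(hits)


if __name__ == "__main__":
    for sig in report(SAMPLE_EVENTS, build_pe(["UPX0", "UPX1", ".rsrc"])):
        print(sig)
```

The "Loads dropped DLL" rule deliberately requires a prior write of the same path by the sample rather than matching any DLL loaded from a user-writable directory; that is what separates a dropped payload from a library shipped with a legitimate installer. The UPX section-name check is the weakest rule here, which is why the sandbox signature also covers modified UPX builds: a renamed section table defeats it, and a high-entropy check on the sections is the usual fallback.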

MITRE ATT&CK Enterprise v15

Tasks