General
-
Target
Celery.exe
-
Size
17.8MB
-
Sample
241029-cb6qzsznfn
-
MD5
9456cbd8d57d7a61d899aae79b5ee862
-
SHA1
42135056c2f963cb94edeaac23f7c0eed1cde6b3
-
SHA256
24e427fe676e2b9ca98c7fc0179ed4c8ee058500072ad645d554ffeb2f072ab6
-
SHA512
c71030da342ba2c8d589c3f93e71c54d4578a16587787e0b4b3d97bf5a9bd6c49d282b117f695d27b3438f3affe5fc715cc5f587e6c3e679ea125c0cbfe2c057
-
SSDEEP
393216:2qPnLFXlrPmQ8DOETgsvfGF0gK8mvE9cUSdOibq:bPLFXNOQhEtdqFSde
Malware Config
Targets
-
-
Target
Celery.exe
-
Size
17.8MB
-
MD5
9456cbd8d57d7a61d899aae79b5ee862
-
SHA1
42135056c2f963cb94edeaac23f7c0eed1cde6b3
-
SHA256
24e427fe676e2b9ca98c7fc0179ed4c8ee058500072ad645d554ffeb2f072ab6
-
SHA512
c71030da342ba2c8d589c3f93e71c54d4578a16587787e0b4b3d97bf5a9bd6c49d282b117f695d27b3438f3affe5fc715cc5f587e6c3e679ea125c0cbfe2c057
-
SSDEEP
393216:2qPnLFXlrPmQ8DOETgsvfGF0gK8mvE9cUSdOibq:bPLFXNOQhEtdqFSde
Score7/10-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-