General
-
Target
Celestrial-Paid-Leak.exe
-
Size
75.5MB
-
Sample
240630-zep9qsyaqq
-
MD5
f039213abab7640ff26bcc39ede11aa9
-
SHA1
50f929bd448dbe97255206ee6bb2031c2bf6a27b
-
SHA256
72f3a785dac566d8284f4cd4356e9a83448bdfcbd2f66fa627c9ce52d1506a16
-
SHA512
b81dae108fd5821765dce5de86c78db0695a51c57b332013a58b52cf2352c4581306749e95a94535866a48af8585b496d369624ecc30c0817620816f38b227c8
-
SSDEEP
1572864:YvFUQ6lnSk8IpG7V+VPhqIbE7WTylPj4iY4MHHLeqPNLtDaSWQ1Z4w0g:YvFU1lSkB05awIxTy5nMHVLteSD10g
Behavioral task
behavioral1
Sample
Celestrial-Paid-Leak.exe
Resource
win11-20240508-en
Behavioral task
behavioral2
Sample
discord_token_grabber.pyc
Resource
win11-20240508-en
Behavioral task
behavioral3
Sample
get_cookies.pyc
Resource
win11-20240508-en
Behavioral task
behavioral4
Sample
misc.pyc
Resource
win11-20240508-en
Behavioral task
behavioral5
Sample
passwords_grabber.pyc
Resource
win11-20240508-en
Behavioral task
behavioral6
Sample
source_prepared.pyc
Resource
win11-20240508-en
Malware Config
Targets
-
-
Target
Celestrial-Paid-Leak.exe
-
Size
75.5MB
-
MD5
f039213abab7640ff26bcc39ede11aa9
-
SHA1
50f929bd448dbe97255206ee6bb2031c2bf6a27b
-
SHA256
72f3a785dac566d8284f4cd4356e9a83448bdfcbd2f66fa627c9ce52d1506a16
-
SHA512
b81dae108fd5821765dce5de86c78db0695a51c57b332013a58b52cf2352c4581306749e95a94535866a48af8585b496d369624ecc30c0817620816f38b227c8
-
SSDEEP
1572864:YvFUQ6lnSk8IpG7V+VPhqIbE7WTylPj4iY4MHHLeqPNLtDaSWQ1Z4w0g:YvFU1lSkB05awIxTy5nMHVLteSD10g
Score9/10-
Enumerates VirtualBox DLL files
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
-
-
Target
discord_token_grabber.pyc
-
Size
8KB
-
MD5
849e6942b15c2008c7641432902645f5
-
SHA1
60942191e1ab3c6d3edf697b57d09c1620c51710
-
SHA256
fa4ec025ef2d20b6ebd19803e7131f6b540a7ba14d6769bfd62c37fb875a134b
-
SHA512
0e6611f100ea22b2d5d5632cd099f87d57696b73bb9c9d10dde98477b2bb1ff927816b54ee005e07df49d6897f36ad3d858ac142ae082d25800f07597f67248a
-
SSDEEP
192:ESB7osP1MJaugQXaafNqaclHJLOq3ZJFD/b8xjJzdJv:TP1iavQTqacyq35D0Fnv
Score3/10 -
-
-
Target
get_cookies.pyc
-
Size
5KB
-
MD5
2754e3152f668e31fccca7b6f275716b
-
SHA1
e9ed74d679a96372c4457e72bc6639a4d96a2378
-
SHA256
f7e8a57b54489b5b3de66a1d21534ced3d2a2fb1ce8d03c69d4672e62aa00dca
-
SHA512
a8331f1c179ed97e6f3821cd41953a5ef8a0b63b6d39022cd3f7980494eff8f00b4367301509014e83c410ed4a6db8e4441f8f3547b682aca250bc4fa29f0f47
-
SSDEEP
96:STUBj1Mvk80VDdybA6HUicwKD7dxWeBJKZLpMglcTK94:wsSl0fQfUpwKfhijMgGW94
Score3/10 -
-
-
Target
misc.pyc
-
Size
2KB
-
MD5
bcb404423ac51f798753e8d11e401071
-
SHA1
9080018dae3aa157e3a97904c86af06d4a0a6873
-
SHA256
572b18ccb1838f23714fae1c8cbb399a08796b1eb846960d5463d40ee784fe5a
-
SHA512
25a2997cff19308956086ae4e464f5039e53149043f094f2a65dae4dfa78b6410650a3c4d1514511f23c6bf77228772fa7b8a3cf5119e4ed46edb65ac40ff800
Score3/10 -
-
-
Target
passwords_grabber.pyc
-
Size
4KB
-
MD5
8b9cbd29c3dfec519a4313b1b7a0069b
-
SHA1
5efb073593bc8908a7514dad78673c9d65344a6f
-
SHA256
589d438226abfec8f71ab7724c68011303f82febb6786fd0c57571b0769764f3
-
SHA512
c0099bcf2d23dd405b2e02e1fd1b946195015eabb1cbd2ce4896f1ab7e5bbc1fbe6600fa529087b5dc295c13219fb6bc1a6ac97efa4c0fc74901f70278c09bfd
-
SSDEEP
96:2APDnTWeYwDTgWxiX79GzTOjYUyWkUUNPIslLClDWJpR6Yn:TzCUDxiLATmeEUNP/lL3JpsYn
Score3/10 -
-
-
Target
source_prepared.pyc
-
Size
65KB
-
MD5
21e172f12afe8a2726608322ded44e05
-
SHA1
df670d791575b18eece176dddb6c4ab1a9344c78
-
SHA256
4be48459709fa29c66e4eb1dc7be64bcfc2a8eea2e55c05f0d61d5f418182b4b
-
SHA512
0218717d485089fcad9f0a65145721d5ba998c7c4be12ec1fb00048bd1beb8a6329be396e13fd7421b22526d1b1edc1e3097787291dc9cb202e032292984d5b3
-
SSDEEP
1536:IaBgVgJPkBBj1uYCFjUIOihdBsoGwjRQ53:9g2FkBkFwIOCsoD0
Score3/10 -
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Virtualization/Sandbox Evasion
1Hide Artifacts
2Hidden Files and Directories
2Modify Registry
1