General
-
Target
Celestrial-Paid-Leak.exe
-
Size
75.5MB
-
Sample
240630-zgdcysvdma
-
MD5
f039213abab7640ff26bcc39ede11aa9
-
SHA1
50f929bd448dbe97255206ee6bb2031c2bf6a27b
-
SHA256
72f3a785dac566d8284f4cd4356e9a83448bdfcbd2f66fa627c9ce52d1506a16
-
SHA512
b81dae108fd5821765dce5de86c78db0695a51c57b332013a58b52cf2352c4581306749e95a94535866a48af8585b496d369624ecc30c0817620816f38b227c8
-
SSDEEP
1572864:YvFUQ6lnSk8IpG7V+VPhqIbE7WTylPj4iY4MHHLeqPNLtDaSWQ1Z4w0g:YvFU1lSkB05awIxTy5nMHVLteSD10g
Behavioral task
behavioral1
Sample
Celestrial-Paid-Leak.exe
Resource
win11-20240611-en
Malware Config
Targets
-
-
Target
Celestrial-Paid-Leak.exe
-
Size
75.5MB
-
MD5
f039213abab7640ff26bcc39ede11aa9
-
SHA1
50f929bd448dbe97255206ee6bb2031c2bf6a27b
-
SHA256
72f3a785dac566d8284f4cd4356e9a83448bdfcbd2f66fa627c9ce52d1506a16
-
SHA512
b81dae108fd5821765dce5de86c78db0695a51c57b332013a58b52cf2352c4581306749e95a94535866a48af8585b496d369624ecc30c0817620816f38b227c8
-
SSDEEP
1572864:YvFUQ6lnSk8IpG7V+VPhqIbE7WTylPj4iY4MHHLeqPNLtDaSWQ1Z4w0g:YvFU1lSkB05awIxTy5nMHVLteSD10g
Score9/10-
Enumerates VirtualBox DLL files
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Virtualization/Sandbox Evasion
1Hide Artifacts
2Hidden Files and Directories
2Modify Registry
2