076ac14b0027e5013df471aabd85a6956976b43a0066beb6f732a0d9c6a0faba | Triage

Submit
Reports

Overview

overview

7

Static

static

1

Luna-Logge...3).zip

windows10-1703-x64

Luna-Logge...3).zip

windows10-2004-x64

6

Sharing

General

Target

Luna-Logged-roque (3).zip
Size

400KB
Sample

230613-thnx7agh88
MD5

248fbd7b6f73beef836dd8b9f4013344
SHA1

2fd502c1882dab4443ddd96940f47a4e5eb43242
SHA256

076ac14b0027e5013df471aabd85a6956976b43a0066beb6f732a0d9c6a0faba
SHA512

357d38600976b64dccaf657e40d5ad67920754b3b491163199d3266d72c96e85a429e88a3ecb1b9d265d5ef8aa80de3daf3ff1ba0a3e073db602829c8936b6e0
SSDEEP

6144:JW2/vk/rQ1ur8pyC624r74+/7red9ZnaaE3lcnwFZlTMay7AMfEpEgzgtVbt2X:JrHkzQq9C6HjKaaEkilTRZEgf

Score

7^/10

bootkit persistence

Static task

static1

Behavioral task

behavioral1

Sample

Luna-Logged-roque (3).zip

Resource

win10-20230220-de

bootkit persistence

windows10-1703-x64

16 signatures

1800 seconds

Behavioral task

behavioral2

Sample

Luna-Logged-roque (3).zip

Resource

win10v2004-20230220-de

windows10-2004-x64

10 signatures

1800 seconds

Malware Config

Targets

- Target
  
  Luna-Logged-roque (3).zip
- Size
  
  400KB
- MD5
  
  248fbd7b6f73beef836dd8b9f4013344
- SHA1
  
  2fd502c1882dab4443ddd96940f47a4e5eb43242
- SHA256
  
  076ac14b0027e5013df471aabd85a6956976b43a0066beb6f732a0d9c6a0faba
- SHA512
  
  357d38600976b64dccaf657e40d5ad67920754b3b491163199d3266d72c96e85a429e88a3ecb1b9d265d5ef8aa80de3daf3ff1ba0a3e073db602829c8936b6e0
- SSDEEP
  
  6144:JW2/vk/rQ1ur8pyC624r74+/7red9ZnaaE3lcnwFZlTMay7AMfEpEgzgtVbt2X:JrHkzQq9C6HjKaaEkilTRZEgf
Score

7^/10

bootkit persistence
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

© 2018-2024

Terms | Privacy