General
- Target: LastMoonInstallerx64.rar
- Size: 84.2MB
- Sample: 240324-28j1xsch8x
- MD5: 84838f6f37330f9fd4daf6f9838142d5
- SHA1: 2e55c4b7353ba55f5fd1c7a65067b636c47d283c
- SHA256: 6342e3bf6ac27e7bfadf86fffe9b191b6ce179b27ac3d4f13e3c968e7c28c1b2
- SHA512: 1d24c78309485d27733cd8d625907b07cdf9256070f7fb1ef6ce7ebcead0555dda8625665eb861e60a2f5a9af2d239e21c3e130e54e7e0164f22c9c968cc0495
- SSDEEP: 1572864:pn8pUPaLDLTlkU/CJ0tLRUOUzqTC5T/3Luidk5cTK6IB7g:pn86GLTlo0tL23cC93Gp6C7g
Static task
static1
Malware Config
Targets
- Target: LastMoonSetup.exe
- Size: 63.2MB
- MD5: 95af6ccd9c3acaf7bcc41ee0b46d23cf
- SHA1: 9bce4ff335f2e2b9651eec4fd78292e506edc28d
- SHA256: a9ea01437d2621405693bf37b93d8fe067954ee00171ccfb07e50b0e71e43b8f
- SHA512: ff1f5d3549bd96e4db81ea714b16b3354c6109025fa4ffcd06f18f79f2644711a4d79936fa219d4bbe6b8be202df096732df41e8b4cba5438238013e0d68621b
- SSDEEP: 1572864:ztDfKMPDwn0qKvaCZkxU/XuQqDFcGitncH0kQFPKJQn8:BKecnsu7PFjiaHp4bn8
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.