Resubmissions

24-03-2024 23:15  240324-28j1xsch8x  score 10/10
24-03-2024 22:50  240324-2skmhshf72  score 8/10

General

  • Target: LastMoonInstallerx64.rar
  • Size: 84.2MB
  • Sample: 240324-28j1xsch8x
  • MD5: 84838f6f37330f9fd4daf6f9838142d5
  • SHA1: 2e55c4b7353ba55f5fd1c7a65067b636c47d283c
  • SHA256: 6342e3bf6ac27e7bfadf86fffe9b191b6ce179b27ac3d4f13e3c968e7c28c1b2
  • SHA512: 1d24c78309485d27733cd8d625907b07cdf9256070f7fb1ef6ce7ebcead0555dda8625665eb861e60a2f5a9af2d239e21c3e130e54e7e0164f22c9c968cc0495
  • SSDEEP: 1572864:pn8pUPaLDLTlkU/CJ0tLRUOUzqTC5T/3Luidk5cTK6IB7g:pn86GLTlo0tL23cC93Gp6C7g

Score
10/10
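Before acting on a report like this, confirm that the file in hand is the same artifact the sandbox analysed. The following Python script is an added example, not part of the report or of the sandbox's tooling: it streams a file once, computes MD5, SHA1, SHA256 and SHA512 together, and compares the result with the hashes listed on this page for the submitted archive (LastMoonInstallerx64.rar) and the dropped installer (LastMoonSetup.exe, listed under Targets below). SSDEEP is deliberately left out because it needs a third-party library; the four digests from hashlib are enough to decide identity.

```python
import hashlib
import sys
from pathlib import Path
from typing import Dict, Optional, Union

# Hash values copied verbatim from this report. The matching logic around them
# is an added example and is not the sandbox's own code.
REPORT_HASHES: Dict[str, Dict[str, str]] = {
    "LastMoonInstallerx64.rar": {
        "md5": "84838f6f37330f9fd4daf6f9838142d5",
        "sha1": "2e55c4b7353ba55f5fd1c7a65067b636c47d283c",
        "sha256": "6342e3bf6ac27e7bfadf86fffe9b191b6ce179b27ac3d4f13e3c968e7c28c1b2",
        "sha512": "1d24c78309485d27733cd8d625907b07cdf9256070f7fb1ef6ce7ebcead0555dda8625665eb861e60a2f5a9af2d239e21c3e130e54e7e0164f22c9c968cc0495",
    },
    "LastMoonSetup.exe": {
        "md5": "95af6ccd9c3acaf7bcc41ee0b46d23cf",
        "sha1": "9bce4ff335f2e2b9651eec4fd78292e506edc28d",
        "sha256": "a9ea01437d2621405693bf37b93d8fe067954ee00171ccfb07e50b0e71e43b8f",
        "sha512": "ff1f5d3549bd96e4db81ea714b16b3354c6109025fa4ffcd06f18f79f2644711a4d79936fa219d4bbe6b8be202df096732df41e8b4cba5438238013e0d68621b",
    },
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digest_all(data: Union[bytes, bytearray, Path], chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Compute all four digests in a single pass.

    Accepts raw bytes (handy for tests) or a Path; files are read in chunks so an
    84 MB archive is not loaded into memory at once.
    """
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    if isinstance(data, (bytes, bytearray)):
        for h in hashers.values():
            h.update(data)
    else:
        with open(data, "rb") as fh:
            for chunk in iter(lambda: fh.read(chunk_size), b""):
                for h in hashers.values():
                    h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare_to_report(observed: Dict[str, str], expected: Dict[str, str]) -> Dict[str, bool]:
    """Per-algorithm match. Case-insensitive, since tools print hex in either case."""
    return {
        name: observed[name].lower() == expected[name].lower()
        for name in ALGORITHMS
        if name in expected
    }


def identify(observed: Dict[str, str]) -> Optional[str]:
    """Return the report entry whose SHA256 matches the observed digests, else None."""
    for artifact, hashes in REPORT_HASHES.items():
        if observed["sha256"].lower() == hashes["sha256"].lower():
            return artifact
    return None


if __name__ == "__main__":
    # Usage: python check_hashes.py <file> [<file> ...]
    for arg in sys.argv[1:]:
        obs = digest_all(Path(arg))
        artifact = identify(obs)
        if artifact is None:
            print(f"{arg}: no match against the report (sha256 {obs['sha256']})")
            continue
        # A SHA256 match with any other digest disagreeing would mean a copy error
        # in the report or in your notes, so show all four, not just one.
        results = compare_to_report(obs, REPORT_HASHES[artifact])
        print(f"{arg}: matches {artifact} " + ", ".join(f"{k}={'ok' if v else 'MISMATCH'}" for k, v in results.items()))
```

Running it on a file that matches prints the artifact name and the per-algorithm result; a file that does not match is reported with its SHA256 so it can be looked up elsewhere.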

Malware Config

Targets

    • Target: LastMoonSetup.exe
    • Size: 63.2MB
    • MD5: 95af6ccd9c3acaf7bcc41ee0b46d23cf
    • SHA1: 9bce4ff335f2e2b9651eec4fd78292e506edc28d
    • SHA256: a9ea01437d2621405693bf37b93d8fe067954ee00171ccfb07e50b0e71e43b8f
    • SHA512: ff1f5d3549bd96e4db81ea714b16b3354c6109025fa4ffcd06f18f79f2644711a4d79936fa219d4bbe6b8be202df096732df41e8b4cba5438238013e0d68621b
    • SSDEEP: 1572864:ztDfKMPDwn0qKvaCZkxU/XuQqDFcGitncH0kQFPKJQn8:BKecnsu7PFjiaHp4bn8

    Score
    10/10
    • Epsilon Stealer

      Information stealer.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence to decide whether to run on this machine.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials, cookies and autofill entries.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup web service to discover the infected system's external IP address.
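The "Looks up external IP address via web service" behaviour is a useful pivot for detection, because legitimate installers rarely need to know the host's public IP. The script below is an added example, not the sandbox's signature logic: it scans constructed DNS-query log lines (a simplified form of what a Sysmon DNS event or a resolver log would give you) and reports which processes resolved a known external-IP lookup service. The report does not say which service this sample used, so the domain list is an assumption drawn from widely used services of that kind, not an indicator taken from the page; the log lines and process names are likewise constructed for the example.

```python
import re
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# Assumption: a practitioner's list of commonly used external-IP lookup services.
# This report does not name the service the sample contacted, so treat these as
# examples of the category rather than as indicators for this sample.
IP_LOOKUP_DOMAINS = {
    "api.ipify.org",
    "ipify.org",
    "ip-api.com",
    "ifconfig.me",
    "icanhazip.com",
    "ipinfo.io",
    "checkip.amazonaws.com",
    "api.myip.com",
    "ipapi.co",
}

# Constructed log format for the example: timestamp, pid, image path, queried name.
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+pid=(?P<pid>\d+)\s+image=(?P<image>\S+)\s+query=(?P<query>\S+)$"
)


def is_ip_lookup(hostname: str) -> bool:
    """True if the name is one of the lookup domains or a subdomain of one.

    Normalises case and a trailing dot so 'API.IPIFY.ORG.' still matches.
    """
    host = hostname.lower().rstrip(".")
    return any(host == dom or host.endswith("." + dom) for dom in IP_LOOKUP_DOMAINS)


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one constructed log line; return None for lines that do not fit."""
    match = LINE_RE.match(line.strip())
    return match.groupdict() if match else None


def find_ip_lookups(lines: List[str]) -> Dict[Tuple[str, str], List[str]]:
    """Map (image, pid) -> names queried, for processes that hit a lookup service."""
    hits: Dict[Tuple[str, str], List[str]] = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # malformed or unrelated line; skip rather than crash the scan
        if is_ip_lookup(rec["query"]):
            hits[(rec["image"], rec["pid"])].append(rec["query"])
    return dict(hits)


# Constructed sample log lines for the example (not from the sandbox run).
SAMPLE_LOG = [
    "2024-03-24T23:15:01Z pid=4812 image=C:\\Users\\user\\Desktop\\LastMoonSetup.exe query=api.ipify.org",
    "2024-03-24T23:15:02Z pid=1120 image=C:\\Windows\\System32\\svchost.exe query=ctldl.windowsupdate.com",
    "2024-03-24T23:15:03Z pid=4812 image=C:\\Users\\user\\Desktop\\LastMoonSetup.exe query=example.org",
    "2024-03-24T23:15:04Z pid=2290 image=C:\\Program Files\\Browser\\browser.exe query=www.example.com",
    "this line is not in the expected format",
]

if __name__ == "__main__":
    for (image, pid), names in find_ip_lookups(SAMPLE_LOG).items():
        print(f"{image} (pid {pid}) queried IP lookup service(s): {', '.join(names)}")
```

On the constructed lines this flags only the installer process; the svchost.exe and browser queries are left alone. In a real deployment the domain list should be tuned to the environment, since some legitimate software (VPN clients, diagnostics tools) also performs this lookup.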

MITRE ATT&CK Enterprise v15

Tasks