General
-
Target
Lunarv2.exe
-
Size
6.9MB
-
Sample
240406-bcpnesga5x
-
MD5
d95097ee2dd9e5c2aae787f29a448e78
-
SHA1
40a2bf2827fea9343789f89ae09c0d6666b08c60
-
SHA256
46aa2b5e56a64bf3e105eee4bf473f28ebd2c2f723e6ce83653a922513ccc46d
-
SHA512
e298c85ac2c7d3010d1a4fdd73f03b3982ccf7a5419ae622f24cebced5c95748e0d6a01e3373527a099617972bb0514fe390b11b00d029a81a425dc469293231
-
SSDEEP
98304:/RTDjWM8JEE1rarUCamaHl3Ne4i3Tf2PkOpfW9hZMMoVmkzhxIdfXeROYKJJcGh6:/90KrU7eNTfm/pf+xk4dWROtrbWOjgd3
Malware Config
Targets
-
-
Target
Lunarv2.exe
-
Size
6.9MB
-
MD5
d95097ee2dd9e5c2aae787f29a448e78
-
SHA1
40a2bf2827fea9343789f89ae09c0d6666b08c60
-
SHA256
46aa2b5e56a64bf3e105eee4bf473f28ebd2c2f723e6ce83653a922513ccc46d
-
SHA512
e298c85ac2c7d3010d1a4fdd73f03b3982ccf7a5419ae622f24cebced5c95748e0d6a01e3373527a099617972bb0514fe390b11b00d029a81a425dc469293231
-
SSDEEP
98304:/RTDjWM8JEE1rarUCamaHl3Ne4i3Tf2PkOpfW9hZMMoVmkzhxIdfXeROYKJJcGh6:/90KrU7eNTfm/pf+xk4dWROtrbWOjgd3
Score7/10-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-