General

  • Target: virus.zip
  • Size: 16.0MB
  • Sample: 240423-zbbxyabf58
  • MD5: 1c9c996bfdbbd415ca2aff166ff48729
  • SHA1: 4d1ff76686b1fb53522b470023ae0e182b7b20fe
  • SHA256: 12fc424a6c322359e58218aba9d2c821a2ef17e02a45c44fc5c57bdf88e6b9e8
  • SHA512: e05574ee571183ca994327d0e1c2f7cb298e49e2b5351f763818f358c2a3276bd55b090c1ec4dee3a6b57324c8265148dd2fe4d7eda316c464f64db0e0ab9b6f
  • SSDEEP: 393216:vmTMO1sRdMT097LU6YDws6hqJ1Usk/wkvoSQ4F:OTlIMTwPZE1UzvHQ4F

Malware Config

Targets

    • Target: virus.zip
    • Size: 16.0MB
    • MD5: 1c9c996bfdbbd415ca2aff166ff48729
    • SHA1: 4d1ff76686b1fb53522b470023ae0e182b7b20fe
    • SHA256: 12fc424a6c322359e58218aba9d2c821a2ef17e02a45c44fc5c57bdf88e6b9e8
    • SHA512: e05574ee571183ca994327d0e1c2f7cb298e49e2b5351f763818f358c2a3276bd55b090c1ec4dee3a6b57324c8265148dd2fe4d7eda316c464f64db0e0ab9b6f
    • SSDEEP: 393216:vmTMO1sRdMT097LU6YDws6hqJ1Usk/wkvoSQ4F:OTlIMTwPZE1UzvHQ4F

    Score: 1/10

    • Target: virus/luna-grabber-builder.exe
    • Size: 16.1MB
    • MD5: c10889acd0429b59267bf7886047cb53
    • SHA1: 7de695b5ec21344068913c2d9c6a94b6b9ace14e
    • SHA256: b549380956b6ad927687462f09495c81b1f11e86e588d61ec4de26e66ac6d6bb
    • SHA512: 20e4914a566860e06c7365984f4c31ffd597563a7842c5554b4c6a997d386f471fd8aaea9e981203e9554b41d9957b34a6bb2a158711d6b59f24145ac2bd40af
    • SSDEEP: 393216:bv90+5gDkTh2Jp5MwurEUWjsrz7E5PKk9buK+x:T9PvThidb8z7bkEK+

    Score: 7/10

    Signatures:

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open-source packer.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target: luna-grabber-builder.pyc
    • Size: 45KB
    • MD5: bbd63abf1ff2ae56ad0acf0fb3160baa
    • SHA1: b1f5cf9741ce9a626d7688ce332364743ff52264
    • SHA256: d9f8be4e75563672e2924db68492329726f343d526bd3790bd7cf6fdc061de9c
    • SHA512: 16e8bd74e0eb4570ad31efd856c2f4b2d32d52384db5f049272db095b415496e776bc4e6eb36167df470a9e658815d69578da096be0147314f8e3ff6491fedca
    • SSDEEP: 768:n9JWa9CqcKoMENNHkJ82F3kTVNVNCAMQo3UA0HnAgd7dSFtHtKu9ETdDlhLx3p9:n9JWa9CvKo7NNHkJLtkTH79MQoknHnAU

    Score: 6/10

    Signatures:

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic                 Technique                       Count  ID
  Credential Access      Unsecured Credentials           1      T1552
                         Credentials In Files            1      T1552.001
  Discovery              System Information Discovery    3      T1082
                         Remote System Discovery         1      T1018
                         Query Registry                  1      T1012
  Collection             Data from Local System          1      T1005
  Command and Control    Web Service                     2      T1102

Tasks