General
-
Target
LunarBoostrapper.exe
-
Size
85.3MB
-
Sample
240521-rv3k1ahb85
-
MD5
8c7421292360dd2cdb61caf15795d5e3
-
SHA1
b453cb7027abf59ae02772f2867e3bc9ebf7ea4d
-
SHA256
39056718c55d244307484d8d8bf5010d3b8fde194d288c7a4de6c63644405268
-
SHA512
76972b36132aeade13a6a1df95a95023c11220e1c348a461f26419115025159015d871475ade333d3aebb7e845f9725bcc653d142a653d47cefda5728ebe7933
-
SSDEEP
1572864:tUbrPU1e4iamkhLDyPl4QiZoBnqf3Gd6xdnj+Y/5szQ7E7lZNCWg9uTdEb4:tUbr4e4iadhLDy943anyo6V/Tk7Cb9k7
Malware Config
Targets
-
-
Target
LunarBoostrapper.exe
-
Size
85.3MB
-
MD5
8c7421292360dd2cdb61caf15795d5e3
-
SHA1
b453cb7027abf59ae02772f2867e3bc9ebf7ea4d
-
SHA256
39056718c55d244307484d8d8bf5010d3b8fde194d288c7a4de6c63644405268
-
SHA512
76972b36132aeade13a6a1df95a95023c11220e1c348a461f26419115025159015d871475ade333d3aebb7e845f9725bcc653d142a653d47cefda5728ebe7933
-
SSDEEP
1572864:tUbrPU1e4iamkhLDyPl4QiZoBnqf3Gd6xdnj+Y/5szQ7E7lZNCWg9uTdEb4:tUbr4e4iadhLDy943anyo6V/Tk7Cb9k7
Score7/10-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
out.upx
-
Size
325KB
-
MD5
8b97092870dce3a452c02f1bd13720d4
-
SHA1
c6ee7d8a34f571c9230856b45bcf7ba8eb2f678e
-
SHA256
38b097b50b70e720872c8dc3b55e0cbf45bc62a138c83fbfc0a66e2a36e96161
-
SHA512
3d0488359b635f36db936588a74a773d7350c36d10254ccec2df13bf7ff24bd2654313da95dd3ad1d206d761580ba7c10f2f660b8f2313c52fb895101a6236a9
-
SSDEEP
6144:Py6I0jmJCvIBp4Z9zoyYaoQ3IL60SqWCWUDU+xREWU3Em5V0V3JXtps:a6IfJCvIb4Z9zoyYa+4CoWSf5WVZdps
Score1/10 -