General

  • Target

    LunarExecutorV1.5.EXE

  • Size

    45.1MB

  • Sample

    240527-2vv62aeb87

  • MD5

    4d16afb4e34a059f12403c4ed1963c93

  • SHA1

    381ed291ccb3f6c547925a54e3714f1707d9c02c

  • SHA256

    ca08332c63dbeb0b7912f3806335078de217f3a1fe0c13b258a9bbe5bd09bf41

  • SHA512

    f69273860a6036ae5b7afcc299978aa51215d3f569be65cc0ac0ebc0779da6d8b15d76c13ce5e75e58377a697738d38fdab1dd9e2b27bdb814440fb52f926e94

  • SSDEEP

    786432:7LS5Xogppihzx3gXgeGsX4HtWXvavwkB/MoX1M4L7DHov/e2Nxi8Cb+4ydlN/BuQ:7U4wYh+TGXWXCokB/MoFBPHov2yixsfB

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
