General

  • Target

    Lunar Release.rar

  • Size

    58.2MB

  • Sample

    240527-whafxacc5t

  • MD5

    01aa98c288c78bd808619cbafb2bda83

  • SHA1

    d83d784962fc80af5274e95dd3f00a5c36ceab04

  • SHA256

    8e92c1465039a1582c52bd6c8e7a79b625c79cc19b6d79a2f8fd3977e363a111

  • SHA512

    e6ae9b854e815d44f02dc6d2fb010ca8281d95c2fae685c74ca9495e2aec08f63513ac0715d90cf044c6dbe8a85828500e008c211d7a663b35cc7e471c05c246

  • SSDEEP

    1572864:mIRRciDQutiv4I7Z5uVifsMNgt1LC6Ch4XGDdlmjx:mIRHXtiv4yuVX5n2B30x

Malware Config

Targets

    • Target

      Lunar Release.rar

    • Size

      58.2MB

    • MD5

      01aa98c288c78bd808619cbafb2bda83

    • SHA1

      d83d784962fc80af5274e95dd3f00a5c36ceab04

    • SHA256

      8e92c1465039a1582c52bd6c8e7a79b625c79cc19b6d79a2f8fd3977e363a111

    • SHA512

      e6ae9b854e815d44f02dc6d2fb010ca8281d95c2fae685c74ca9495e2aec08f63513ac0715d90cf044c6dbe8a85828500e008c211d7a663b35cc7e471c05c246

    • SSDEEP

      1572864:mIRRciDQutiv4I7Z5uVifsMNgt1LC6Ch4XGDdlmjx:mIRHXtiv4yuVX5n2B30x

    • Score

      3/10

    • Target

      Lunar Release/LunarExecutorV1.3.EXE

    • Size

      68.9MB

    • MD5

      df5b7229a413253d6f321225a5c0439b

    • SHA1

      8e25831f4cd7f06db779a1b748c371f4baa875db

    • SHA256

      4d490863f8676c0460d36778c31d00920fcd008615caae181a7619b6c0be4f2f

    • SHA512

      120292c360ea73ab6d0bd512f76b54a36143ad565bce34ffc1ccb9998767240573aa8338bfb0ada371010d5ac401b0bf55ba726ac367b0e98e1a5b9b644891b5

    • SSDEEP

      1572864:eX1VKl7n9C7/fAESoX7RsWbIoFilqMbVs/OUHUonw+G:eXvKCoc7WWb2qMbVhUVw+G

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Command and Scripting Interpreter: PowerShell

      Run PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Creates new service(s)

    • Stops running service(s)

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open-source packer.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • Target

      Lunar Release/auto_attach.dll

    • Size

      11KB

    • MD5

      10b65d0b42a5c28e46c636f3b80acd72

    • SHA1

      b7d055065692c937de0c6cc8a4a10ab56953bc35

    • SHA256

      6a5f47fb94b352d816beb3301cec80c29067ac49867013653c5f6254617d24fb

    • SHA512

      75dc3b928bf1dc3eccd1f8a70b71be4734bbce99419cbd5a6090c08182bf6b74617d9a78c2e7ccf243f550922c17a79c255ba07a92a48b110d1aadd823a78461

    • SSDEEP

      192:3jzHguR1ID//9g6Gep+d/iz2Gg3bzE7xYGVN2PzQdv4tkpyzM9zvGMA5KIhzlm:3jzHguR1IKdeocPUk86tZaU

    • Score

      1/10

    • Target

      Lunar Release/byfron.dll

    • Size

      104KB

    • MD5

      23070ddf008a2351eb49b39bcaadc40b

    • SHA1

      7797e39ed2543d0e42fce9239e9e8f8ff55482a3

    • SHA256

      a7b4d7ee10059bfe41c1405f589c898f8261186bbb65f9e63240e27aaba5e17f

    • SHA512

      676d9ca1260ee2f8db90f5ec3430fd297ff2429163b39110ea80a42d5111be80b75d9fdc73f9262a713d29eb0ac3d573060a739ff843e393485de6c9a154646b

    • SSDEEP

      1536:Jcck8caFAtPTFwZ644yQZvNuAVe5tJmcCA2noyUEowjE:Jcck8caFAtPTFwZ6ZN505H2nLUcY

    • Score

      1/10

    • Target

      Lunar Release/fonts and logo/Arial.txt

    • Size

      64B

    • MD5

      e5b8570d28758495e1e10e492e08ff8c

    • SHA1

      cdffaa6413f9ba1c6b16b8c26e288358b0cff571

    • SHA256

      d565575e288251ce195eb20a570e88170a605f889e8b71a90c587bd91f03638e

    • SHA512

      58910f636dd2a47197eeb20af49670177d70fb5f997b006d46044186b2fa87ac22ceea205562e2f07484130604414692d56548f080930c91a814c16ffddd911d

    • Score

      1/10

    • Target

      Lunar Release/fonts and logo/Bold.txt

    • Size

      64B

    • MD5

      dc53bf4e959f96dd6f944f80f4bab418

    • SHA1

      1e096af7588b58b542a6f717bc114c61e119275d

    • SHA256

      9583dd7d301fc625a2a28d140285a2c08e3ad001db991a98adc66d6e3e70613b

    • SHA512

      78833bb4e20e131662f96b2f42dbe0b27a8f135535457fbd5a780b81cf538d291cb91190a5d7cfe579cfe18b659bd213c9e50bcaf3b39d2ea42a620e25af3360

    • Score

      1/10

    • Target

      Lunar Release/fonts and logo/fdsfdsf.ico

    • Size

      4KB

    • MD5

      5f84f00d39f8f3f5bdd30fd7784a598c

    • SHA1

      5cc8a3bdb93ab43407767f531d995a7b8f2bb2ba

    • SHA256

      f6131701da3f55693186f1ab4f76b6ef8063d56377ca4594eb4ed4f93819f6cd

    • SHA512

      de022037282abd3c8fda1aa5392954b86ea216c03dd720a4929e5fb71e94b51c7293c222365f003ee98884a7b457262ab388aa68a28c9cbdd77c94de9d54f78b

    • SSDEEP

      48:ddPzwLfyDMwE6+fJM0uAKopL1hEUURLddHQ:ddPzPAwE/fJBujopLfMRLdd

    • Score

      3/10

    • Target

      Lunar Release/infinite yield.txt

    • Size

      458KB

    • MD5

      fd82c56f51bbd6e20b5cd3f13df47df3

    • SHA1

      5cc7735d0df6224d522a62b51ff0e5980741de3a

    • SHA256

      753e72e558297fc7658e32d37baa81d72333f06fd6640ede858c5ba3294cec7b

    • SHA512

      602f05e8b7018e4066d6663976178a66c2f274d0168a041c5e3a99ae037e3730789a0130e580e33161d1f99fac288f4a8831a2400866b54fb2f6acd3c1f79f6d

    • SSDEEP

      6144:ZkrLwE7/gTt3Kr2/h5MuR0Y9gIBuQulO7uFo5n4XvxDhoQh9kZtUi8/1j304U48F:ZkrLwEAKr2ZGHYWFOn4XPffpo

    • Score

      3/10

    • Target

      Lunar Release/license.txt

    • Size

      6KB

    • MD5

      0b09566254b011d989decf0e23a902eb

    • SHA1

      3ae5cd6be73daf418b8deee9c865cf78225838c9

    • SHA256

      a19d58aaab15c4d0019e569d1c073d1b5286fdd37dbeee7a58a7d1ae76045ae1

    • SHA512

      4e22e58f925879306261e5993039e1d84d87f8fecc0f9fdad534da55b6fd22be77e622a4077d8d521f7734e5535f66853d581155987e2f3607e2d386938c218b

    • SSDEEP

      192:uEwjuKsgA4+XYdXjA+okS63vZBCSUziJm:eNs8+QRVxBRU1

    • Score

      1/10

    • Target

      Lunar Release/resources.dll

    • Size

      5.1MB

    • MD5

      773b3b72481fd8ef9b62b5ef0fe8040a

    • SHA1

      a42cbc7aab88689e834c158b24af8722586cf1b4

    • SHA256

      7f93fef11819a9f4b8edd342a1c2d3dbab25698ed75f9713ee1167fa2f852331

    • SHA512

      db7d29100060afc909cbf20bcd6d9c02fc0b29d8ee32606e2d6cf18270484f2b46853cda0b495a85cc7a2e3ae4536030a25216f101dceabf2f972e3375208c38

    • SSDEEP

      768:+UI7yUI7yUI7yUI7yUI7yUI7yUI7yUI7yUI7yUI7yUI7yUI7yUI7yUI7yUI7yUIn:3

    • Score

      3/10

MITRE ATT&CK Matrix ATT&CK v13

Tactic                Technique                             Count  ID
Execution             Command and Scripting Interpreter       3    T1059
                        PowerShell                            1    T1059.001
                        JavaScript                            2    T1059.007
Execution             System Services                         2    T1569
                        Service Execution                     2    T1569.002
Persistence           Create or Modify System Process         2    T1543
                        Windows Service                       2    T1543.003
Persistence           Boot or Logon Autostart Execution       1    T1547
                        Registry Run Keys / Startup Folder    1    T1547.001
Privilege Escalation  Create or Modify System Process         2    T1543
                        Windows Service                       2    T1543.003
Privilege Escalation  Boot or Logon Autostart Execution       1    T1547
                        Registry Run Keys / Startup Folder    1    T1547.001
Defense Evasion       Impair Defenses                         1    T1562
Defense Evasion       Modify Registry                         1    T1112
Discovery             System Information Discovery            3    T1082
Discovery             Query Registry                          1    T1012
Impact                Service Stop                            1    T1489

Tasks