General

  • Target

    MoonPredictor.exe

  • Size

    16.1MB

  • Sample

    240529-qea1dafd6w

  • MD5

    a2df0d10ab96fe2993f7d784d09a6f29

  • SHA1

    e4c87f925315bd3643bdf55ea43a721749609c33

  • SHA256

    6fa636aaa6c81a0fc336a2e08dfbdd2d31c54da9a1dd44328f8c997c919644cc

  • SHA512

    2c2f992a3054b592b91d9ac32d3e4d582d4d141ba48cda77ba584e8dcd4e08afa7d7848594499dd1ac6b91918b48883e045e87498a2ffccec9ea249c9919efc4

  • SSDEEP

    393216:VEkcqY49JWQsUcR4NzK1+TtIiFvY9Z8D8Ccl6lnTEfPKSduK+:VkD49YQFS1QtI6a8DZcIlTzSkK+

Targets

    • Score

      7/10

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and other sensitive profile data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
