General
Target: MoonPredictor.exe
Size: 16.1MB
Sample: 240529-qgmf7afe4v
MD5: a2df0d10ab96fe2993f7d784d09a6f29
SHA1: e4c87f925315bd3643bdf55ea43a721749609c33
SHA256: 6fa636aaa6c81a0fc336a2e08dfbdd2d31c54da9a1dd44328f8c997c919644cc
SHA512: 2c2f992a3054b592b91d9ac32d3e4d582d4d141ba48cda77ba584e8dcd4e08afa7d7848594499dd1ac6b91918b48883e045e87498a2ffccec9ea249c9919efc4
SSDEEP: 393216:VEkcqY49JWQsUcR4NzK1+TtIiFvY9Z8D8Ccl6lnTEfPKSduK+:VkD49YQFS1QtI6a8DZcIlTzSkK+
Malware Config
Targets
Target: MoonPredictor.exe
Size: 16.1MB
MD5: a2df0d10ab96fe2993f7d784d09a6f29
SHA1: e4c87f925315bd3643bdf55ea43a721749609c33
SHA256: 6fa636aaa6c81a0fc336a2e08dfbdd2d31c54da9a1dd44328f8c997c919644cc
SHA512: 2c2f992a3054b592b91d9ac32d3e4d582d4d141ba48cda77ba584e8dcd4e08afa7d7848594499dd1ac6b91918b48883e045e87498a2ffccec9ea249c9919efc4
SSDEEP: 393216:VEkcqY49JWQsUcR4NzK1+TtIiFvY9Z8D8Ccl6lnTEfPKSduK+:VkD49YQFS1QtI6a8DZcIlTzSkK+
- Drops startup file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.