General

Target: Lunar.exe
Size: 7.4MB
Sample: 240602-14kwzsgh3s
MD5: 0440d83abe7fc137d4d84cfa898b0ad6
SHA1: a65a5b1c2e4857caabac6ec807b7bafc703b853e
SHA256: ff3dc906d1b5b35c7aede0734ff89fd262433bc9ac208f5b19239912b5b503ef
SHA512: 3491726720d68b5533fca3dc6d71f4a9a809e33485dd408317d7f4b3816aa9808e7c79f3b88df10f4fc5ce79eb9fa5f627b68ea96408429367f9fd9f62f856b8
SSDEEP: 196608:BreJYS6jpOshoKMuIkhVastRL5Di3uh1D7JC:mYS4OshouIkPftRL54YRJC
Behavioral task: behavioral1
Sample: Lunar.exe
Resource: win7-20240215-en

Malware Config
Targets

Target: Lunar.exe (size and hashes identical to the General section above)
Signatures (behavioral heuristics raised by the sandbox for this task; they describe observed activity, not a verdict on the family or intent of the sample)

- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
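To show what the signatures listed above amount to as detection logic, the following is an added example written for this page; it is not code from the report or from the sandbox that produced it. It replays a constructed host-activity trace (the `SAMPLE_EVENTS` list, invented for the example and not taken from the Lunar.exe run) against rules that mirror each signature name. The event schema (`file_create`, `process_create`, `image_load`, `file_read`, `net_connect`), the `IP_LOOKUP_HOSTS` and `HOSTING_HOSTS` sets, the `WALLET_FRAGMENTS` path fragments and the helper filenames are all assumptions made for the example.

```python
"""Replay a constructed host-activity trace against detection rules that mirror the
sandbox signatures listed for Lunar.exe. Editor-added example: the events are
constructed, not taken from the report, and every list below is an assumption."""
from collections import defaultdict

# Assumed, non-exhaustive list of public "what is my IP" services.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "icanhazip.com",
                   "checkip.amazonaws.com", "ip-api.com", "ifconfig.me"}
# Assumed, non-exhaustive list of legitimate hosting/CDN services that malware
# commonly stages payloads on or talks to. A hit is a lead for review, not proof of C2.
HOSTING_HOSTS = {"cdn.discordapp.com", "discord.com", "pastebin.com",
                 "raw.githubusercontent.com", "dropbox.com", "transfer.sh"}
# Assumed path fragments of common desktop wallet stores (lower-case, backslash paths).
WALLET_FRAGMENTS = ("\\bitcoin\\wallet.dat", "\\electrum\\wallets\\",
                    "\\exodus\\exodus.wallet\\", "\\ethereum\\keystore\\")
DRIVERS_DIR = "c:\\windows\\system32\\drivers\\"


def triage(events):
    """Map signature name -> ids of the events that fired it.

    `events` is a chronologically ordered list of dicts with keys
    id, type, image (acting process), and path or host depending on type.
    The `dropped` set makes the EXE/DLL rules stateful: only files written
    earlier in the trace count as dropped, so running or loading a pre-existing
    system binary does not fire them.
    """
    hits = defaultdict(list)
    dropped = set()
    for ev in events:
        eid, kind = ev["id"], ev["type"]
        if kind == "file_create":
            path = ev["path"].lower()
            dropped.add(path)
            if path.startswith(DRIVERS_DIR):
                hits["Drops file in Drivers directory"].append(eid)
        elif kind == "process_create" and ev["path"].lower() in dropped:
            hits["Executes dropped EXE"].append(eid)
        elif kind == "image_load" and ev["path"].lower() in dropped:
            hits["Loads dropped DLL"].append(eid)
        elif kind == "file_read":
            path = ev["path"].lower()
            if any(frag in path for frag in WALLET_FRAGMENTS):
                hits["Accesses cryptocurrency files/wallets"].append(eid)
        elif kind == "net_connect":
            host = ev["host"].lower()
            if host in IP_LOOKUP_HOSTS:
                hits["Looks up external IP address via web service"].append(eid)
            if host in HOSTING_HOSTS:
                hits["Legitimate hosting services abused for malware hosting/C2"].append(eid)
    return dict(hits)


# Constructed trace (not from the report): the sample drops and runs a helper,
# which loads a dropped DLL, writes the hosts file, reads a wallet and phones home.
SAMPLE = r"C:\Users\analyst\Desktop\Lunar.exe"
HELPER = r"C:\Users\analyst\AppData\Local\Temp\svc.exe"
SAMPLE_EVENTS = [
    {"id": 1, "type": "file_create", "image": SAMPLE, "path": HELPER},
    {"id": 2, "type": "file_create", "image": SAMPLE,
     "path": r"C:\Users\analyst\AppData\Local\Temp\helper.dll"},
    {"id": 3, "type": "process_create", "image": SAMPLE, "path": HELPER},
    {"id": 4, "type": "image_load", "image": HELPER,
     "path": r"C:\Users\analyst\AppData\Local\Temp\helper.dll"},
    {"id": 5, "type": "image_load", "image": HELPER,
     "path": r"C:\Windows\System32\kernel32.dll"},          # system DLL: no hit
    {"id": 6, "type": "file_create", "image": HELPER,
     "path": r"C:\Windows\System32\drivers\etc\hosts"},
    {"id": 7, "type": "file_read", "image": HELPER,
     "path": r"C:\Users\analyst\AppData\Roaming\Bitcoin\wallet.dat"},
    {"id": 8, "type": "net_connect", "image": HELPER, "host": "api.ipify.org"},
    {"id": 9, "type": "net_connect", "image": HELPER, "host": "cdn.discordapp.com"},
    {"id": 10, "type": "net_connect", "image": HELPER, "host": "example.com"},  # no hit
]

if __name__ == "__main__":
    for name, ids in triage(SAMPLE_EVENTS).items():
        print(f"{name}: events {ids}")
```

Two caveats the rules make visible. The Windows hosts file lives at C:\Windows\System32\drivers\etc\hosts, under the drivers tree, so a "Drops file in Drivers directory" hit on its own does not mean a driver was installed; check the actual target path before treating it as a kernel-mode persistence lead. Likewise the hosting-service and IP-lookup rules key on destination host only, and both services are widely used by benign software, so those two signatures are corroborating context for the dropped-EXE and wallet-access behaviour rather than indicators that stand on their own.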