General

  • Target

    Moon-Predictor-v2-main.zip

  • Size

    15.3MB

  • Sample

    240815-kzydhsvemf

  • MD5

    37ff9f227cba62bc3c853d4b2a356ccf

  • SHA1

    d5cb38fcb55f1b24ad27bc8d72c990735c0909f2

  • SHA256

    7c466c3a0668cc8ac5a189a374d8e8544c05d53f12c7f84516a5fa5b0ded8244

  • SHA512

    f43c7dd84ab6d52a5e3a434d639ce2545a4e52c1aa262f51bb4725ca2ee24017c04b776d43f544fa10eb2474feba1f7a5d46c0224f358cd166a2183b6d77043a

  • SSDEEP

    393216:IvRsHxZ/P5383bl0qUrNoto4sdS2KyzjXbDxCRVHv+wR0:02RZn53iGqc6tondVKy3rlCRtv/0

Malware Config

Targets

    • Target

      Moon-Predictor-v2-main/Moon-Predictor-v2/Moon Predictor V2 (1).exe

    • Size

      14.2MB

    • MD5

      11afed49123fd774af33550dae13777a

    • SHA1

      f02c2409c589f76a1639cef002dda5f7f538e98d

    • SHA256

      07266653b14ff50a02d0be770e90e102d766cede26e92bd43eb61255c5931fca

    • SHA512

      303d1eae5e242b0c831bf235705e57d0cb92c65387d7fe7279da364100f402c2212f48972cb6dbb64c951c704ebbd7af2081164bc8884b79064d2ba15e16fd55

    • SSDEEP

      393216:Hu7L/qdQusl7Q+q9RoWOv+9fav+NNxDnDz:HCLydQu2QdborvSiv+DxDD

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15

Tasks