General

  • Target

    Moon-Predictor-v2-main.zip

  • Size

    15.3MB

  • Sample

    240816-d1rtsssgne

  • MD5

    37ff9f227cba62bc3c853d4b2a356ccf

  • SHA1

    d5cb38fcb55f1b24ad27bc8d72c990735c0909f2

  • SHA256

    7c466c3a0668cc8ac5a189a374d8e8544c05d53f12c7f84516a5fa5b0ded8244

  • SHA512

    f43c7dd84ab6d52a5e3a434d639ce2545a4e52c1aa262f51bb4725ca2ee24017c04b776d43f544fa10eb2474feba1f7a5d46c0224f358cd166a2183b6d77043a

  • SSDEEP

    393216:IvRsHxZ/P5383bl0qUrNoto4sdS2KyzjXbDxCRVHv+wR0:02RZn53iGqc6tondVKy3rlCRtv/0

Malware Config

Targets

    • Target

      Moon-Predictor-v2-main/Moon-Predictor-v2/Bunifu_UI_v1.5.3.dll

    • Size

      516KB

    • MD5

      8cd9953ff0283305f3998f6893c7d244

    • SHA1

      db906639e1b164bb813e3e94e548a4c5549bd36e

    • SHA256

      0a3f02ad6a8f319b352f4ab3222bd57d9699882db065fb344b9828243b1d0015

    • SHA512

      3121712026e63ae2c9df423c24511249895e773a5e56f3fd19dff89eefe58042c990afcd7ffba21bf9f181045b9b4d9f439c7e69114f0f9282adbd707558e133

    • SSDEEP

      12288:MykYXttq4mBpDetgo3DcHGF2HcvHWUSA9uN:iYi4Xt7zcHGFxI+uN

    Score
    1/10
    • Target

      Moon-Predictor-v2-main/Moon-Predictor-v2/Guna.UI2.dll

    • Size

      2.3MB

    • MD5

      b7cf1039d089511ff4594d0796dc966b

    • SHA1

      e41d50c48f5381da01ed43967d1024fdaaeedd81

    • SHA256

      9143707613cfa106fc4d7177e6e9f8a544738989b6167cd6578101f1bdb0927a

    • SHA512

      6627a7a810c78a94ff1d52b14d071f8aabd71a2e6b521d2fcea7d865d94f5bcb1dd890f1b93b292035b20127507e32c11c215268e00510e5bf28c6132a4ce2a4

    • SSDEEP

      49152:DpR548WTt9kUHdvAmZL0Th+1n9fr2flQChRigKw1:54JErh0gz1

    Score
    1/10
    • Target

      Moon-Predictor-v2-main/Moon-Predictor-v2/Moon Predictor V2 (1).exe

    • Size

      14.2MB

    • MD5

      11afed49123fd774af33550dae13777a

    • SHA1

      f02c2409c589f76a1639cef002dda5f7f538e98d

    • SHA256

      07266653b14ff50a02d0be770e90e102d766cede26e92bd43eb61255c5931fca

    • SHA512

      303d1eae5e242b0c831bf235705e57d0cb92c65387d7fe7279da364100f402c2212f48972cb6dbb64c951c704ebbd7af2081164bc8884b79064d2ba15e16fd55

    • SSDEEP

      393216:Hu7L/qdQusl7Q+q9RoWOv+9fav+NNxDnDz:HCLydQu2QdborvSiv+DxDD

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15

Tasks