f94ff65dcc69a97587c9f0b537f6e742f1f82456ceb201e2a26edb637d1872dd | Triage

Sharing

General

Target

Lunar Client - Installer.exe
Size

2.2MB
Sample

240822-gdlwta1dpc
MD5

2e7d10aae69456db77d4f35110b278bb
SHA1

32368bb680d66d160cbd1775ed3547120e40dae3
SHA256

f94ff65dcc69a97587c9f0b537f6e742f1f82456ceb201e2a26edb637d1872dd
SHA512

011eac53b15de0cb18b5757f79c4446e0deea3c0333cf48e508da13e89bd2d17e70a1365ea0c71dbb494fdd7b8d5ffac74fb74b7639a8788854eb9802aeab461
SSDEEP

49152:ymACyWxE87vxpsrFpIv928RtBLMNXl0q+ssY5NkhDr6brcU:yhCyIPN+TIvMGttcSq+eAQ

Score

7^/10

discovery execution upx

Malware Config

Targets

- Target
  
  Lunar Client - Installer.exe
- Size
  
  2.2MB
- MD5
  
  2e7d10aae69456db77d4f35110b278bb
- SHA1
  
  32368bb680d66d160cbd1775ed3547120e40dae3
- SHA256
  
  f94ff65dcc69a97587c9f0b537f6e742f1f82456ceb201e2a26edb637d1872dd
- SHA512
  
  011eac53b15de0cb18b5757f79c4446e0deea3c0333cf48e508da13e89bd2d17e70a1365ea0c71dbb494fdd7b8d5ffac74fb74b7639a8788854eb9802aeab461
- SSDEEP
  
  49152:ymACyWxE87vxpsrFpIv928RtBLMNXl0q+ssY5NkhDr6brcU:yhCyIPN+TIvMGttcSq+eAQ
Score

5^/10

discovery
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/app/cmp.html
- Size
  
  5KB
- MD5
  
  d7b8b31b190e552677589cfd4cbb5d8e
- SHA1
  
  09ffb3c63991d5c932c819393de489268bd3ab88
- SHA256
  
  6c21e8c07ce28327dca05f873d73fe85d5473f9b22a751a4d3d28931f5d0c74f
- SHA512
  
  32794507a4b9a12e52ceb583222cb93300e38c634a72ea3f51a0189127aba60cf476fb7918942355a4f826185d7071e876cb40348ba34cf5d1ca7e9546ccb310
- SSDEEP
  
  48:t9rc0/GLAoShbEHaLKNGiNQtvmolOGR36tgtr/GTvJP8AscaV4LiMt7ByBZXGz+p:4VLjHa2NGiivmmpWsBVutFwAk5vSG
Score

5^/10

discovery
- Drops file in System32 directory
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/app/index.html
- Size
  
  20KB
- MD5
  
  423d2e2f7e21b856cb5f3ee3dcbfa5a0
- SHA1
  
  eda0e357387913daf57a0c683c34b4b8a5d7baf7
- SHA256
  
  cd59efa2fe7cbe222d03a946c34eaacdb3761e922763952d7be4555addf8572c
- SHA512
  
  c403307549af9bf7cfd34295a8b1020e7b7489d104b5fdaf4320b495f85977134796774dbf4f20f8fd0b2d1f2188b881a1cc35cec56aa64a3dc84bf1c2d21b4b
- SSDEEP
  
  192:DgNb/cVDYmPkhHmY74deqmtRCtmK8WQI9gHcMlxh8Bi9LJFHab4rmgJnc5t/93jp:ENs+XaMr9n2uLy05SN1
Score

5^/10

discovery
- Drops file in System32 directory
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/app/js/app.js
- Size
  
  21KB
- MD5
  
  de88fce9253d26e0c61daa1783baa775
- SHA1
  
  07c5848354a247056baad369059aac9d3c940ecc
- SHA256
  
  993f140f9f4e5cdbdcc657a3c159328bf58b3483dbc27c451516a556763a79ba
- SHA512
  
  71ddd47ef7ed7c02fb31e8ffa2ea6d1b5178dbda2ab37bac208e088c8ba2127e0cf5eaa74ee7ad5809fa69e534853312c6c8775c68aeda63bf0e4a5caefa39b7
- SSDEEP
  
  384:4X+ycDQrcljKdZGb9plmt902wjI3A4nzwF52xxYRifG6wBEoR3FGHWdeLj8T:0+ycDQYlOdEbdmXH3A4nzIAnGifG11RL
Score

3^/10

execution
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/app/js/block_inputs.js
- Size
  
  789B
- MD5
  
  b5b52c92b90f4283a761cb8a40860c75
- SHA1
  
  7212e7e566795017e179e7b9c9bf223b0cdb9ec2
- SHA256
  
  f8dbd6793b35f7a26806f4dabad157aaafdf6d66fad094b50c77d60f223fd544
- SHA512
  
  16ad53ede5424ca1384e3caea25225589e9eec9e80e2d845948802db90fad222f709a7b651cd7601a34ba67a0627433f25764638fd542cbd4612871308e7b353
Score

3^/10

execution
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/app/js/libs/cmp.bundle.js
- Size
  
  346KB
- MD5
  
  75788eef24727a1387ea0db9ffeea4f6
- SHA1
  
  c222936daa52501bc6fe4a7a72c989f73d69d4a7
- SHA256
  
  38536d86fa0017a0a64148d6976f601eda336faa417c214720d2039e7e3c3a58
- SHA512
  
  68b8cb1b6a401103500167a6c19c6ac94fa7868bce043ae490613aa60e1601a218a4dfe959d42b61af61eb48bd930b7c520ea4e9bc7dc2fc1fd7690b89002532
- SSDEEP
  
  3072:vSDSLzJgixPFNRISHo2vTkNAJOQSPX8G9L+xEtQ8OaxPyf:bxgixP+2rkNv8G9vpi
Score

3^/10

execution
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/app/js/libs/jquery-1.10.2.min.js
- Size
  
  90KB
- MD5
  
  44e3f0db3e4ab6fedc5758c05cf27591
- SHA1
  
  2d408aa1d35661019c95adcc60b78c0727ed25b4
- SHA256
  
  bc44d3631ffef1df7960e359f02002d3ada45ee05205c2cf1edd85da2f518144
- SHA512
  
  4d4844e53e686fc59a52e86588f328dca3ed6fdad7195c58942a98c51755a24981b903ee7c7b27785375eaad5a7d9501cf74b999674b79f214e66103bad9efdc
- SSDEEP
  
  1536:O4mCgi8DyCuXXFiJ+L0kJQsJVPEKuQRZdC/RAfDknv+p0WzH/Io9Z7qABZnu0JFV:OGsKYAI2p0WP9bDrJ7fak
Score

3^/10

execution
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/app/js/models/notifications.js
- Size
  
  5KB
- MD5
  
  85afdf9897bb1236eff3afa40d15ece6
- SHA1
  
  4362bdd139458eaf4a2dcb34294b43e2d53f4a26
- SHA256
  
  9dd03dfc92bcb74f3725aae60e904c0a56cc84f299bbb8e863a869719f6fdd32
- SHA512
  
  4ab86c6bafba18f53f01ca913ceaa80f14900107069a1d5f65b108d35690bd8b50b1a6cdf1563fc5775909f69208dabebd139f3cf3d8576269d560d57cf9994c
- SSDEEP
  
  96:sOr8u1s9FvYYdfHsW/GZwzpJGf8mui+U8QrGjqTzoOxOYsdfHsW/GZwzpJGNjINU:sGu9yYl3rNQ8K+JQC+/5Lsl3rNOEYIo
Score

3^/10

execution
behavioral15 behavioral16
- Target
  
  $PLUGINSDIR/app/js/utils/analytics.js
- Size
  
  4KB
- MD5
  
  525281e9959af4c1c0d11b9243c798a1
- SHA1
  
  237a84c5b57bd132f48446d718b20640cb28c263
- SHA256
  
  c37f0699cf8ba7d9e3e0f73f1b2af65f4bdc2a31f44594ffc8c73e98b6c2fd1d
- SHA512
  
  fe5bafda7773e69c65dd63270e0306abcd39cb2d886b675ab8c714ae0833efde963b69623d468551a1ab37f1db1a1d457f1568f7a29d9cf0bb23bb0edcab5fc4
- SSDEEP
  
  96:LlYkmHqqVHlnZ4JGvt+QP2EvVVko3sO2LCgObNS1Tgzalh:AHq1GV+kcRObNSGza3
Score

3^/10

execution
behavioral17 behavioral18
- Target
  
  $PLUGINSDIR/app/js/utils/commands.js
- Size
  
  13KB
- MD5
  
  a25b49d085333ece9aadd1f285795925
- SHA1
  
  53341dcca297a969a8ff37265935488f1790307e
- SHA256
  
  acbf59ce6aa668880f65aab2bfe62305415c76301b40bc7f72777f0b08840b71
- SHA512
  
  0a2cb6f4e1af0c4205e38ba1e12c208e6ea4f8f8e3956c9d10b312aa9a6929b99ec967aee7aa1f54da97ca6ea354f8bd7f624359cfd05c6241a5f4bf59843b68
- SSDEEP
  
  384:PUr5HB8c31uUvJQ006W8tusv5qEWOddSd:PVhs0
Score

3^/10

execution
behavioral19 behavioral20
- Target
  
  $PLUGINSDIR/app/js/utils/cookies.js
- Size
  
  1KB
- MD5
  
  6c60e675f8c8c68c0174b644d3a63a2a
- SHA1
  
  3635a3fe07ccc4a6f33a986ddb690522d0611abb
- SHA256
  
  9d3cb3822e20d6f5157faa02dc69bdaef44576c3fb5523e00aa152107ce30287
- SHA512
  
  1dc9ec7b139bcf37107ecd673c01e4fcc606332ea1645a4a1b4e5d95f817d4c99d5964cd3d941a6a526689341d9623b17b4efc002cdf4c73404299d52b1be452
Score

3^/10

execution
behavioral21 behavioral22
- Target
  
  $PLUGINSDIR/app/js/utils/modal-events-delegate.js
- Size
  
  1KB
- MD5
  
  117e4fdbdb0ecf211c8bd909efd337d1
- SHA1
  
  9f8684d856b7c95bdffb139217dfd89f41373187
- SHA256
  
  267661f932a2ea78d8c7a98cc03d1b18d7cb8132deb84636772ecd1fcfbe4857
- SHA512
  
  f474ee20b59d3d0c11f9f6aee6b6e2b66f7025beaec9841f88455e60533dc96cb4e27910be0dae92b0028c5578932b7f459fdb91d594ad010f72a3b3af6addb1
Score

3^/10

execution
behavioral23 behavioral24
- Target
  
  $PLUGINSDIR/app/js/utils/strings-loader.js
- Size
  
  5KB
- MD5
  
  9c94eb933d8a43dd3825e67a7e30c980
- SHA1
  
  7ec7b16af6f399219209ba5967d377040486a11b
- SHA256
  
  96445709fde2613af50f4b8908296d4bfccdccb2d9db9febc34a9bf4dcc70ecf
- SHA512
  
  a662a299e31633f71a9b9675970359430fdac06dcc284fd7ce92919f244c7f921639f97a42356e993a95865e6c9f198dcba82c126f82065bf2009a31ec9b02f5
- SSDEEP
  
  96:FXS/WSBWlbBtDhWFTnTeWsNkEj1I/6WfwkUlx416moPdXDKP8j8yZrME6:FXSuQwBBh0nTevNkEj1O6Wme0muXDK0W
Score

3^/10

execution
behavioral25 behavioral26
- Target
  
  $PLUGINSDIR/app/js/utils/utils.js
- Size
  
  118B
- MD5
  
  a0952ebeab701c05c75710c33d725e7e
- SHA1
  
  1da8a2e889f1213d481ae3cd5571670c01e64adc
- SHA256
  
  b4f0c48cbfeaf8141fd44b12031e3f0410cb0cdc313888ffdb14fdf1d2341246
- SHA512
  
  5e5ae616d3fded7d2bf47a326242c4477ca3119fb52897bfb41de0be230ccbd6c3da2c00268b3973e9bf7b4f2886aba64fd9719b448662e4130ee66d87913389
Score

3^/10

execution
behavioral27 behavioral28
- Target
  
  $PLUGINSDIR/app/js/windows/cri/cri-controller.js
- Size
  
  3KB
- MD5
  
  4e4b4a9e2d86ae3c108105078db6d730
- SHA1
  
  826946be793c999316af6c1db10523950b18ea2c
- SHA256
  
  cee7fc5a36a01a439125be031923d7e7415ec56194255048098169a0108034b7
- SHA512
  
  1420065cd000ce9b9c39d27b5dc5f4055f67146e06573a03184649851c9745f0c0af2b5e35b41b5923703dd74e32f9ed95fc59a43db25f854584e319950beffe
Score

3^/10

execution
behavioral29 behavioral30
- Target
  
  $PLUGINSDIR/app/js/windows/cri/template.js
- Size
  
  1KB
- MD5
  
  76c1ef0cb437db144c2bed53a5a8a5d7
- SHA1
  
  aaab8fff649f8e46d1e9510018118ee9abe01498
- SHA256
  
  505d3c4de7d9cf8f0155b5b1a3c8792bc0ca2eda6781b441bd85455f144be22e
- SHA512
  
  822bf9feda91c89539d263c6c9053163e8dfa3c511195bc61a9b608b4687fb4048733323f03dd30a7ab661a4be4acf6c8d8ae7bb6723771122540a9551899c3e
Score

3^/10

execution
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32