Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
luna grabber.exe
-
Size
22.2MB
-
Sample
240925-n5cksatfjr
-
MD5
86e4a3224760af0cf38da82dfc51e10e
-
SHA1
9a7eeafd2f1863d6258a00728772a8352e89e40e
-
SHA256
105dab9cc588c50fd42183586076676a20e6c95b8d6b343773aa02e37212a28b
-
SHA512
e446011e9f05a62e37282d6f0e30f65a1a41fac685657d87fdde879dfcb59eb7fe6450811dcfecbdf88203303a5d69a5412ba06825d0cf5c966a7f0ec5161a92
-
SSDEEP
393216:UaRIQtsusJWQsUcR4NzK1+TtIiFDCuARuAQhFXmbocDEWY60gMYTfC:rIQtsFYQFS1QtI+CuAgh8xEv3gJT6
Malware Config
Targets
-
-
Target
luna grabber.exe
-
Size
22.2MB
-
MD5
86e4a3224760af0cf38da82dfc51e10e
-
SHA1
9a7eeafd2f1863d6258a00728772a8352e89e40e
-
SHA256
105dab9cc588c50fd42183586076676a20e6c95b8d6b343773aa02e37212a28b
-
SHA512
e446011e9f05a62e37282d6f0e30f65a1a41fac685657d87fdde879dfcb59eb7fe6450811dcfecbdf88203303a5d69a5412ba06825d0cf5c966a7f0ec5161a92
-
SSDEEP
393216:UaRIQtsusJWQsUcR4NzK1+TtIiFDCuARuAQhFXmbocDEWY60gMYTfC:rIQtsFYQFS1QtI+CuAgh8xEv3gJT6
Score8/10-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Drops startup file
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1