Overview

overview

8

Static

static

1

Luna Explo...70.exe

windows11-21h2-x64

8

Resubmissions

14/10/2024, 14:57

241014-sbp18szhmb 8

14/10/2024, 14:56

241014-sbaxbazhlb 3

14/10/2024, 14:53

241014-r9spcavbrj 3

Sharing

Copy URL Twitter E-mail

General

  • Target

    Luna Exploit_91761270.exe

  • Size

    5.7MB

  • Sample

    241014-sbp18szhmb

  • MD5

    0aa6945aee17c3eae75f48e715ee5eb7

  • SHA1

    b84977d612d1760f7a682e96dba9f7160cdaf72d

  • SHA256

    0b8be7d62ba830a3a53686afb8af57d1b2301d76c8b06759bf4b148d1e2ab6cc

  • SHA512

    8cdb467c92fefe0add78824acc496bf1c70c1eada04a801076073df92497660551c7b3c56a7d97a5ba74eb75879e5323f4b33ee51f94cab8c8afe6515056f5e5

  • SSDEEP

    98304:Vj8ab67Ht6RL8xpH4Tv7wPV6osBsBpPj7cZ+KCojTeEw98rqNkUi+bD:Vj8aatLPV6oPrke8rqN7

Score
8/10
discoverypersistenceprivilege_escalationspywarestealer

Malware Config

Targets

    • Target

      Luna Exploit_91761270.exe

    • Size

      5.7MB

    • MD5

      0aa6945aee17c3eae75f48e715ee5eb7

    • SHA1

      b84977d612d1760f7a682e96dba9f7160cdaf72d

    • SHA256

      0b8be7d62ba830a3a53686afb8af57d1b2301d76c8b06759bf4b148d1e2ab6cc

    • SHA512

      8cdb467c92fefe0add78824acc496bf1c70c1eada04a801076073df92497660551c7b3c56a7d97a5ba74eb75879e5323f4b33ee51f94cab8c8afe6515056f5e5

    • SSDEEP

      98304:Vj8ab67Ht6RL8xpH4Tv7wPV6osBsBpPj7cZ+KCojTeEw98rqNkUi+bD:Vj8aatLPV6oPrke8rqN7

    Score
    8/10
    discoverypersistenceprivilege_escalationspywarestealer

    • Manipulates Digital Signatures

      Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.

    • Downloads MZ/PE file

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Event Triggered Execution: Image File Execution Options Injection

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    • Network Share Discovery

      Attempt to gather information on host network.

      discovery

    • Password Policy Discovery

      Attempt to access detailed information about the password policy used within an enterprise network.

      discovery

    • Drops file in System32 directory

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

      persistenceprivilege_escalation
    behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

2
T1546

Component Object Model Hijacking

1
T1546.015

Image File Execution Options Injection

1
T1546.012

Privilege Escalation

Event Triggered Execution

2
T1546

Component Object Model Hijacking

1
T1546.015

Image File Execution Options Injection

1
T1546.012

Defense Evasion

Modify Registry

1
T1112

Subvert Trust Controls

1
T1553

Install Root Certificate

1
T1553.004

Credential Access

Credentials from Password Stores

1
T1555

Credentials from Web Browsers

1
T1555.003

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Browser Information Discovery

1
T1217

Network Share Discovery

1
T1135

Password Policy Discovery

1
T1201

Peripheral Device Discovery

2
T1120

Query Registry

5
T1012

System Information Discovery

5
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

System Network Configuration Discovery

1
T1016

Internet Connection Discovery

1
T1016.001

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Web Service

1
T1102

Exfiltration

Impact

Tasks