General
Target: LunaAPI.exe
Size: 13.8MB
Sample: 241104-zp3mtaxbpe
MD5: d924ecd4bf1e58fd63cf8a30fcab3942
SHA1: c45a6414d6b44141a3c90279dd5d08ba07135f0c
SHA256: d0cdc9569c1b25ea61672a2b3b71b8dc64164d7d42c97b275973986706fcdd5e
SHA512: 9c44af65b8c22e2c7d77b2e0493667a927afbf581ad4d5db4f1feb71067f269f6f6f83f1c15e17f3f2a4e408844893f0f7ac2b338fc893d4e985b26e04ea0c34
SSDEEP: 196608:F8KX9C4jd9yLNPUZ13muiNj4DZcKs8IjZFiWITmu2r4h3TL6:F8KX44jfyL
Static task: static1
Behavioral task: behavioral1
Sample: LunaAPI.exe
Resource: win11-20241007-en
Malware Config
Targets
Target: LunaAPI.exe
Size: 13.8MB
MD5: d924ecd4bf1e58fd63cf8a30fcab3942
SHA1: c45a6414d6b44141a3c90279dd5d08ba07135f0c
SHA256: d0cdc9569c1b25ea61672a2b3b71b8dc64164d7d42c97b275973986706fcdd5e
SHA512: 9c44af65b8c22e2c7d77b2e0493667a927afbf581ad4d5db4f1feb71067f269f6f6f83f1c15e17f3f2a4e408844893f0f7ac2b338fc893d4e985b26e04ea0c34
SSDEEP: 196608:F8KX9C4jd9yLNPUZ13muiNj4DZcKs8IjZFiWITmu2r4h3TL6:F8KX44jfyL
Signatures
- Downloads MZ/PE file
- Event Triggered Execution: Image File Execution Options Injection
  Adversaries may establish persistence and/or elevate privileges by registering a "Debugger" value under the Image File Execution Options key for a target executable, so that their own program is launched whenever that executable starts.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Checks system information in the registry
  System information is often read from the registry in order to detect sandbox or virtual-machine environments.
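A host-side check for the two persistence mechanisms flagged above, IFEO injection and COM hijacking, written as an added example for responders; it is not part of the sandbox report and not code from the sample. It reads the IFEO key (and the related SilentProcessExit key, which belongs to the same technique family) for Debugger and MonitorProcess values, then compares every per-user CLSID server registration under HKCU against its machine-wide counterpart under HKLM. The list of user-writable directories used as a "suspicious location" heuristic is an assumption, not something the report states.

```powershell
# Added example, not code from the sandbox report or from the sample.
# Audits the two persistence locations named in the report's signatures:
# IFEO Debugger/SilentProcessExit entries (T1546.012) and per-user COM
# server registrations that shadow machine-wide ones (T1546.015).
# Run from an elevated PowerShell prompt on the host under investigation.

$findings = New-Object System.Collections.Generic.List[object]

# Assumption: directories an unprivileged user can write to. A COM server
# path under one of these is suspicious regardless of what HKLM says.
$userWritable = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP,
                  "$env:USERPROFILE\Downloads", $env:ProgramData) | Where-Object { $_ }

# 1) IFEO: a Debugger value makes Windows start the named program in place
#    of the executable whose name is the subkey.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
foreach ($key in Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue) {
    $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
    if ($props.PSObject.Properties['Debugger']) {
        $findings.Add([pscustomobject]@{
            Type = 'IFEO Debugger'; Key = $key.PSChildName; Value = $props.Debugger })
    }
}

# 1b) SilentProcessExit: MonitorProcess launches a program when the named
#     executable exits; same technique family, different key.
$spe = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit'
foreach ($key in Get-ChildItem -Path $spe -ErrorAction SilentlyContinue) {
    $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
    if ($props.PSObject.Properties['MonitorProcess']) {
        $findings.Add([pscustomobject]@{
            Type = 'SilentProcessExit MonitorProcess'; Key = $key.PSChildName; Value = $props.MonitorProcess })
    }
}

# 2) COM hijacking: for the current user, HKCU\Software\Classes\CLSID is
#    consulted before HKLM, so a per-user InprocServer32/LocalServer32 that
#    differs from the machine-wide one silently replaces the real server.
foreach ($key in Get-ChildItem -Path 'HKCU:\Software\Classes\CLSID' -ErrorAction SilentlyContinue) {
    $clsid = $key.PSChildName
    foreach ($server in 'InprocServer32', 'LocalServer32') {
        $userKey = Join-Path $key.PSPath $server
        if (-not (Test-Path $userKey)) { continue }
        $userPath    = (Get-ItemProperty -Path $userKey -ErrorAction SilentlyContinue).'(default)'
        $machineKey  = "HKLM:\SOFTWARE\Classes\CLSID\$clsid\$server"
        $machinePath = $null
        if (Test-Path $machineKey) {
            $machinePath = (Get-ItemProperty -Path $machineKey -ErrorAction SilentlyContinue).'(default)'
        }
        # Flag either a value that shadows a machine-wide registration or a
        # server that lives somewhere an unprivileged user could have put it.
        $shadowsMachine = ($null -ne $machinePath) -and ($machinePath -ne $userPath)
        $inUserDir = $false
        foreach ($dir in $userWritable) {
            if ($userPath -and $userPath.TrimStart('"').StartsWith($dir, 'OrdinalIgnoreCase')) { $inUserDir = $true }
        }
        if ($shadowsMachine -or $inUserDir) {
            $findings.Add([pscustomobject]@{
                Type  = "COM $server override"; Key = $clsid
                Value = "user: $userPath | machine: $machinePath" })
        }
    }
}

$findings | Format-Table -AutoSize
```

Any Debugger value that is not a known debugger, and any per-user CLSID whose server sits under a profile directory, is worth pulling and hashing against the MD5/SHA256 values recorded in this report: a match ties the on-host artefact to the dropped EXE/DLL the behavioral task observed.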
MITRE ATT&CK Enterprise v15
Persistence
- Event Triggered Execution (T1546): 2 matches
  - Component Object Model Hijacking (T1546.015): 1
  - Image File Execution Options Injection (T1546.012): 1
Privilege Escalation
- Event Triggered Execution (T1546): 2 matches
  - Component Object Model Hijacking (T1546.015): 1
  - Image File Execution Options Injection (T1546.012): 1