General

  • Target

    LunaAPI.exe

  • Size

    13.8MB

  • Sample

    241104-zp3mtaxbpe

  • MD5

    d924ecd4bf1e58fd63cf8a30fcab3942

  • SHA1

    c45a6414d6b44141a3c90279dd5d08ba07135f0c

  • SHA256

    d0cdc9569c1b25ea61672a2b3b71b8dc64164d7d42c97b275973986706fcdd5e

  • SHA512

    9c44af65b8c22e2c7d77b2e0493667a927afbf581ad4d5db4f1feb71067f269f6f6f83f1c15e17f3f2a4e408844893f0f7ac2b338fc893d4e985b26e04ea0c34

  • SSDEEP

    196608:F8KX9C4jd9yLNPUZ13muiNj4DZcKs8IjZFiWITmu2r4h3TL6:F8KX44jfyL

Malware Config

Targets

    • Target

      LunaAPI.exe

    • Downloads MZ/PE file

    • Event Triggered Execution: Image File Execution Options Injection

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Network Share Discovery

      Attempts to gather information about the host's network.

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15

Tasks