Overview

overview

10

Static

static

10

Lunar-crac...ck.rar

windows7-x64

1

Lunar-crac...ck.rar

windows10-2004-x64

1

Lunar-crac...ed.exe

windows7-x64

7

Lunar-crac...ed.exe

windows10-2004-x64

8

i :+��.pyc

windows7-x64

i :+��.pyc

windows10-2004-x64

Lunar-crac...er.sys

windows10-2004-x64

1

Lunar-crac...k.1337

windows7-x64

3

Lunar-crac...k.1337

windows10-2004-x64

3

Lunar-crac...on.dat

windows7-x64

3

Lunar-crac...on.dat

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Lunar-cracked-by-wxcrack.rar

  • Size

    14.3MB

  • Sample

    241117-sqhkpssjfs

  • MD5

    ddf63fc13d9a0fdb12a37c79d8872e17

  • SHA1

    34e5653001a40176637ff5a9e4addba3437120bf

  • SHA256

    c6c414a0ffacb0fe53a8b61506e83ead35e21c5f42f902fa3a5f0a21e70796e6

  • SHA512

    00f885aef2aa9d51df0bc2882c205038cd4387c7757336f282f3fa4fb8ce8fc3d921377db8d9fde6720cbf3d6bff17734d00447a214cd5c993578f3142961b63

  • SSDEEP

    393216:egV/129gMjG5sDGEc58/NTZYZOBYXy2BO9SyQHh2hbdM:eG/1zMjCGGP8VTZYZIiy2BO9oHh2I

Score
10/10
blankgrabbercollectioncredential_accessdefense_evasiondiscoveryexecutionpersistenceprivilege_escalationspywarestealerupx

Malware Config

Targets

    • Target

      Lunar-cracked-by-wxcrack.rar

    • Size

      14.3MB

    • MD5

      ddf63fc13d9a0fdb12a37c79d8872e17

    • SHA1

      34e5653001a40176637ff5a9e4addba3437120bf

    • SHA256

      c6c414a0ffacb0fe53a8b61506e83ead35e21c5f42f902fa3a5f0a21e70796e6

    • SHA512

      00f885aef2aa9d51df0bc2882c205038cd4387c7757336f282f3fa4fb8ce8fc3d921377db8d9fde6720cbf3d6bff17734d00447a214cd5c993578f3142961b63

    • SSDEEP

      393216:egV/129gMjG5sDGEc58/NTZYZOBYXy2BO9SyQHh2hbdM:eG/1zMjCGGP8VTZYZIiy2BO9oHh2I

    Score
    1/10
    behavioral1behavioral2

    • Target

      Lunar-cracked-by-wxcrack/Lunarcracked.exe

    • Size

      9.0MB

    • MD5

      77c49f12984423a1398c2620240b48b1

    • SHA1

      59cc6396d2e597092bf4069c09ff3f0c9682f25b

    • SHA256

      3a4568331aba53006d5faf0508fd8c1beef3c8ca2632bc17090507e202bf85b9

    • SHA512

      243020cd004907446f337404fd3c898bcd5e18f8df1f5ec49a7eb321daadf6d78e4944bf16902af3828993bb978e1dd316ead949b388e5ee4cf2cbcafd02b34e

    • SSDEEP

      98304:CWSiUluTRKHurErvz81LpWjjUa50ZtPvYRt2e4GFNGjfzfbIbApJocSpXqjEwKhZ:CxlHurErvI9pWjgfPvzm6gs/SEjEF4fQ

    Score
    8/10
    upxcollectioncredential_accessdefense_evasiondiscoveryexecutionpersistenceprivilege_escalationspywarestealer

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Drops file in Drivers directory

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

      collection

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

      defense_evasion

    • Enumerates processes with tasklist

      discovery

    • Hide Artifacts: Hidden Files and Directories

      defense_evasion

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral3behavioral4

    • Target

      i :+��.pyc

    • Size

      1KB

    • MD5

      fef171c36faff37b3884634b501c48f8

    • SHA1

      aba109536d290a3756ef4a0ac33031e0001deb8c

    • SHA256

      4afb2b1821d8e4a3fda25ceae9f5aeafa04ad556dc07a8ba6c288fef7eca7ef8

    • SHA512

      f55e4ba12bfd44adf9a6fab80988e447776a183af25658dfee13b43b28e8042d4431ec9e261c92d28eda745d9693ccabc8db16d8b2155a149f9cb98803993103

    Score
    1/10
    behavioral5behavioral6

    • Target

      Lunar-cracked-by-wxcrack/driver.sys

    • Size

      17KB

    • MD5

      8a17adcd8f3e544036dfdc25f2644922

    • SHA1

      e03eec0ff44bb5ab27ab50acf71a89e0f15f90ad

    • SHA256

      50bea91dfaff8335d4032c6a379dca922ddebaddcfde2f72b15d3a6dc2ff4e5a

    • SHA512

      051efc8eaf2650b76a523a737a6726e44da45b384f1103086c29e1fde337d03e479410a08af846eb86314ba4804b7e09292f2c163bac770e1f07edf74edab7ef

    • SSDEEP

      384:4e+AhSmf5h5VkR8Eb2Wb/wfT3iEx7bLDUjh0+:4e+AwmMi3iUbLDUjhT

    Score
    1/10
    behavioral7

    • Target

      Lunar-cracked-by-wxcrack/k.1337

    • Size

      61B

    • MD5

      d8a831e13d3fcd558d8b5003e093a168

    • SHA1

      b09aef4e78a87faa7879d7edf2d95287704f6950

    • SHA256

      d7a4e8d955aafff55f3b603b9c1838829e1ef88dff455ef3d804c0c25f1ae4f2

    • SHA512

      186e4e2361cdc44f17f0d5d2dd3a3ff362aaffe07fd7ca289e48e38ce8c164007cb3b36b1438fcb55994267c3842a90baf0f7e67e6a65d9157ff6f0bee511e23

    Score
    3/10
    discovery
    behavioral8behavioral9

    • Target

      Lunar-cracked-by-wxcrack/version.dat

    • Size

      12.6MB

    • MD5

      779ddc396a6d9f35715f5bc71dba05fb

    • SHA1

      cf0a415a3647d340fd25e25896237d1a70610d19

    • SHA256

      a2f0831cbd9808457c983f616cd05ed2a6270f09d5b3cae026aeeab2722611cd

    • SHA512

      930eec9afa4793be0da97057bc60af5994c950210ccc8dc783b3887a10be7eb46e7c3074c421bc1df24691a8603925e3e7e7d89016b781af87946ed27d0aa08d

    • SSDEEP

      393216:ds2Yc52v17jQxrZ7GvTUTKjpZUS1tuLZLJhATTnVCr/wz9BI/qNz6MUVuYW0ocUC:wvncUvGN46cUyF64krcU/gBjfcl

    Score
    3/10
    behavioral10behavioral11

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Persistence

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Hide Artifacts

2
T1564

Hidden Files and Directories

2
T1564.001

Obfuscated Files or Information

1
T1027

Command Obfuscation

1
T1027.010

Credential Access

Credentials from Password Stores

1
T1555

Credentials from Web Browsers

1
T1555.003

Unsecured Credentials

3
T1552

Credentials In Files

3
T1552.001

Discovery

Browser Information Discovery

1
T1217

Process Discovery

1
T1057

Remote System Discovery

1
T1018

System Information Discovery

3
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

System Network Configuration Discovery

2
T1016

Internet Connection Discovery

1
T1016.001

Wi-Fi Discovery

1
T1016.002

Lateral Movement

Collection

Clipboard Data

1
T1115

Data from Local System

2
T1005

Command and Control

Web Service

1
T1102

Exfiltration

Impact

Tasks