c48b1d0562f49f921b34fa58c952a4dd991d111003c3543f8852fdddb0b0da4f

Resubmissions

18-12-2024 18:26

241218-w3lpnsykeq 10

18-12-2024 17:16

241218-vtjchswle1 10

Analysis

max time kernel
31s
max time network
33s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
18-12-2024 17:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Moon/MoonBETARUNBOOT.exe
Size

135KB
MD5

2f4a9e448314620c6395ffeb7b2badf2
SHA1

45649c5a62007d47c90ddaa072ba746f04e5fb9b
SHA256

23fa7314c51fccaac9a9e79a67951194379ba785f1ef6b3932daa0ad62455eab
SHA512

fe882ecb71ab4b2d5ae00ba3cb8ee4e1b1d3f5cfc08ac3bbeb0360b55718f5433a96d1588be792efd0688e8855a3a593d0c79234e4e0eca95ba0bad9bc8530c0
SSDEEP

3072:rjK4UGDHXrQ8hy7qgpHulWD9ZvZ5Pf3Ca10xuZ04ntfObhBuU:rjK4TDUqgpqWDLZ5H+xuZ04shA

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
7	raw.githubusercontent.com
8	raw.githubusercontent.com

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2248	MoonBETARUNBOOT.exe
2248	MoonBETARUNBOOT.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2248	MoonBETARUNBOOT.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2248	MoonBETARUNBOOT.exe

C:\Users\Admin\AppData\Local\Temp\Moon\MoonBETARUNBOOT.exe
"C:\Users\Admin\AppData\Local\Temp\Moon\MoonBETARUNBOOT.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2248

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads