Overview

overview

10

Static

static

10

Moon.zip

windows7-x64

10

Moon.zip

windows10-2004-x64

1

Moon/Boots...on.exe

windows7-x64

10

Moon/Boots...on.exe

windows10-2004-x64

10

Moon/ForlornApi.dll

windows7-x64

1

Moon/ForlornApi.dll

windows10-2004-x64

1

Moon/Forlo...ct.dll

windows7-x64

1

Moon/Forlo...ct.dll

windows10-2004-x64

7

Moon/MoonBETA.exe

windows7-x64

1

Moon/MoonBETA.exe

windows10-2004-x64

1

Moon/MoonB...OT.exe

windows7-x64

3

Moon/MoonB...OT.exe

windows10-2004-x64

1

Moon/works...481.js

windows7-x64

3

Moon/works...481.js

windows10-2004-x64

3

Moon/works...ary.js

windows7-x64

3

Moon/works...ary.js

windows10-2004-x64

3

Moon/works...ler.js

windows7-x64

3

Moon/works...ler.js

windows10-2004-x64

3

Moon/works...sha.js

windows7-x64

3

Moon/works...sha.js

windows10-2004-x64

3

Moon/works...ipt.js

windows7-x64

3

Moon/works...ipt.js

windows10-2004-x64

3

Moon/works...sal.js

windows7-x64

3

Moon/works...sal.js

windows10-2004-x64

3

Resubmissions

18-12-2024 18:26

241218-w3lpnsykeq 10

18-12-2024 17:16

241218-vtjchswle1 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Moon.zip

  • Size

    10.5MB

  • Sample

    241218-w3lpnsykeq

  • MD5

    afdea462c07a140b63f6910a7b18e935

  • SHA1

    2bb124b1f6cbeb9126eab1f70561e6bd5a3642ba

  • SHA256

    c48b1d0562f49f921b34fa58c952a4dd991d111003c3543f8852fdddb0b0da4f

  • SHA512

    52a53c5f60ff6725705b9f7581cb69d2140b9f36804ce2987347ffff3e5fc3244fa9e5b5ab062989419dd0dfd6943f1af8b009cf16745d62b2cfa171f58499ab

  • SSDEEP

    196608:AdHOE10T4CiiCRuTnNIa216yWM4yaAJWriqQxwGuKcya190r0uPTqkbOa//:AdHgGiCRu6a3yWMP02qQxFAywTuPTqkl

Score
10/10
discordratdiscoveryexecutionpersistenceratrootkitstealervmprotect

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTMwOTY1NDI0NzE0Njc4MjczMw.GdCiWO.QDjWo8z0Xk0JdOHCguuepaT0RNYGA63CrYGXZo

  • server_id

    1280835675205406823

Targets

    • Target

      Moon.zip

    • Size

      10.5MB

    • MD5

      afdea462c07a140b63f6910a7b18e935

    • SHA1

      2bb124b1f6cbeb9126eab1f70561e6bd5a3642ba

    • SHA256

      c48b1d0562f49f921b34fa58c952a4dd991d111003c3543f8852fdddb0b0da4f

    • SHA512

      52a53c5f60ff6725705b9f7581cb69d2140b9f36804ce2987347ffff3e5fc3244fa9e5b5ab062989419dd0dfd6943f1af8b009cf16745d62b2cfa171f58499ab

    • SSDEEP

      196608:AdHOE10T4CiiCRuTnNIa216yWM4yaAJWriqQxwGuKcya190r0uPTqkbOa//:AdHgGiCRu6a3yWMP02qQxFAywTuPTqkl

    Score
    10/10
    discordratdiscoverypersistenceratrootkitstealer
    behavioral1behavioral2

    • Target

      Moon/BootstraperRunmethenopenMoon.exe

    • Size

      78KB

    • MD5

      be484423fb9da2ded0ce793764f37802

    • SHA1

      911dfe225fb915847f497588a201db06e2fd787f

    • SHA256

      aff38167e9c702dab38347e95973ae16fa21b23f9bfa5874bf3f9b269e6a4b3a

    • SHA512

      a17a457d8d2f2a5bac799e3191c76d14fc955e9d95af2dc938a92b2bb668c97221aa87915c1e9fb65ad557e1cb3e8e41d6e0542b6853f78fb11331f32022746c

    • SSDEEP

      1536:NzGsO8XbEXMsLkbvNrfxCXhRoKV6+V+Y15:NqbkbvNrmAE+o5

    Score
    10/10
    discordratpersistenceratrootkitstealer
    behavioral3behavioral4

    • Target

      Moon/ForlornApi.dll

    • Size

      13KB

    • MD5

      7392cca8d4501d4f7427a85b8b654f32

    • SHA1

      baa253b7a7f1aed7633f248ad137f881a91c70c7

    • SHA256

      8b6cd9ef4de8010c3b849e18a3fc009f42bcd350bdf575287f1f237d68b3d394

    • SHA512

      1716c68561f6ad490498c75cecb910372b26a600d7e81c033442b46beb688e2ed163c0b6cb993408f2ddfd37bc20de2b5afe61e3976c365f7c149204ff84d2fd

    • SSDEEP

      192:vT8pAUmIXruvxa8LhYWoii0PxKo1uELE3aEf++eNJL+2kanWJQvtVq+N9:r8xlXeph7oVOD1uEHNNZDtVN9

    Score
    1/10
    behavioral5behavioral6

    • Target

      Moon/ForlornInject.dll

    • Size

      6.3MB

    • MD5

      a40dcf9942879728c738a5161e9ea455

    • SHA1

      3d35c866c70db1c34daba07197bc4a834bc794f3

    • SHA256

      8e11bbf4a2f5ea522804219789db209f906ec7e23d5b273547e4eceee82b6c44

    • SHA512

      ab41eddeee2c7edb9dda5d91843546f2d0e41e11ac125cd9750b9531a63c7f4abd2faee412d8fd309390d1040e5b787ea98dfd754b14830aecedc739e0a9fbde

    • SSDEEP

      196608:VqHqqhOnCaiiyFUHH76pyS1Ii8eGAvKQ0pOwqz:VqH8iiyFUSydi8eePpOw+

    Score
    7/10
    vmprotect

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect
    behavioral7behavioral8

    • Target

      Moon/MoonBETA.dll

    • Size

      312KB

    • MD5

      5bae36c5feca5e1539da4bae2459857e

    • SHA1

      2e304ca874ce5ec6f214dbdfc83aaa51d08a2fe7

    • SHA256

      226a3c98b96e562615d9c638ce62a5a65c9cf533a34bae14b9de7a62c44d0f64

    • SHA512

      521a7eaa591dd3d7f5649e1bc48c9cec5df410834f9cfacabc4731b64fc0165e3d05d57d2e635cee21f058f1e4e13d537dc72f4e982d2295edf2884e115f85ca

    • SSDEEP

      6144:9Qz20+OXaDKNKigtRUurSQ07mMiDsNNFc2KigtRUur:9QSGpyRSD7FsiDIR

    Score
    1/10
    behavioral10behavioral9

    • Target

      Moon/MoonBETARUNBOOT.exe

    • Size

      135KB

    • MD5

      2f4a9e448314620c6395ffeb7b2badf2

    • SHA1

      45649c5a62007d47c90ddaa072ba746f04e5fb9b

    • SHA256

      23fa7314c51fccaac9a9e79a67951194379ba785f1ef6b3932daa0ad62455eab

    • SHA512

      fe882ecb71ab4b2d5ae00ba3cb8ee4e1b1d3f5cfc08ac3bbeb0360b55718f5433a96d1588be792efd0688e8855a3a593d0c79234e4e0eca95ba0bad9bc8530c0

    • SSDEEP

      3072:rjK4UGDHXrQ8hy7qgpHulWD9ZvZ5Pf3Ca10xuZ04ntfObhBuU:rjK4TDUqgpqWDLZ5H+xuZ04shA

    Score
    3/10
    discovery
    behavioral11behavioral12

    • Target

      Moon/workspace/vape/CustomModules/6872274481.lua

    • Size

      345KB

    • MD5

      dcdbdb83267b6b803bb3171ebcfc7152

    • SHA1

      bd64a4164c1e0da942e54389f3848b89cd197947

    • SHA256

      36c0ae0d99b9c2d8147e0bb7225b9eb7571ac0b93c5a8cd6be0235ad0be39c05

    • SHA512

      b48306c7325b26a1cb68c4048645ec54afa9be2f908dcc1e789b3d572ce8c7a3759794e43c544044af5a1057bd8d44ed03f0358bccb2001f927ab262341c8165

    • SSDEEP

      6144:skOno3FtVdyua5fMGZGeC0LyQdu947toCbjlLX4UGeP4a0XD4:5tVdykt0OQdHlLIeP4aYE

    Score
    3/10
    execution
    behavioral13behavioral14

    • Target

      Moon/workspace/vape/GuiLibrary.lua

    • Size

      319KB

    • MD5

      ac1cee0caefeed479df85604e69873c6

    • SHA1

      204e0f0793fd1e707d06d957c57b7a4c6fa471fa

    • SHA256

      0521f91ffdfd8906464a0b79300b999335edb2f3cdb902093a2dfb25edf7beb1

    • SHA512

      c1793b507653f37ff2bb8abf8d212fda57edd738bdb0cc84196e7d7d064069b07d7b47a95ca6f8ec6db8bf9a39a4d0b6465a12133f9c3be04887dc1687ad7154

    • SSDEEP

      3072:6fmwRHjS0ObMPjVw+usbpNpz4hXwz5Ts45FjKbnFNMDnlaAXiUk81r89k:6fJhus5OAmhyfhwk

    Score
    3/10
    execution
    behavioral15behavioral16

    • Target

      Moon/workspace/vape/Libraries/entityHandler.lua

    • Size

      8KB

    • MD5

      5084a3e5fe80975893d9658430f8b067

    • SHA1

      6cabb6cadd0b46f3e152f85a0fec49f9c76f4a49

    • SHA256

      6e87834fefebf2d3749bf29c72eb9626e50cc5defc384c1564b042b7b2a2f421

    • SHA512

      f94662fd80a1eac542ee860c9f76f777b5a1b6077367b4c1813e9c7be43aeb37e7d43b372fd20412a4cca811a22b790e5e12fe2f95a3b980446459e3af1bd3d5

    • SSDEEP

      192:cACGCPCSV6sa7T+kuOlpKk7EyJZksIqFZ2vbpRdvBsJ3lnMtA:w7qrf+kukpKUEyrH2vlo3lnMtA

    Score
    3/10
    execution
    behavioral17behavioral18

    • Target

      Moon/workspace/vape/Libraries/sha.lua

    • Size

      52KB

    • MD5

      0611c8315d87ba0144f26ffd77b6ef0a

    • SHA1

      356e8753700fdb1054c4eea1fe8ec93ffc0456e9

    • SHA256

      f45856cbbdc66811cebfeb0215c31f8c23a1b40f4f0f54ab43e9faa703a1a6b3

    • SHA512

      8ebd2e243e386ee0b212feb08a27c8c1ad6d4fcdbcf0f2feb646c699d7688a45ecfb1498ef138cf82635d9c49faca517e3ca89ff431a83c643766c17fd22e1c9

    • SSDEEP

      1536:BJkjWUKqPDxWJQhgzFD+CtwzDZlzmXVKZKBHu3:BWKqPDYGgx+fzfmF2KBHu3

    Score
    3/10
    execution
    behavioral19behavioral20

    • Target

      Moon/workspace/vape/MainScript.lua

    • Size

      83KB

    • MD5

      4e3739d68f5985ab3797ab33e0975cdd

    • SHA1

      7c37faf5a8643a5190ba286b630c9d3fe5bf32af

    • SHA256

      3befe40113dd767799be851b50d23a56923ea296d2b50b3051a5764e18bd5641

    • SHA512

      679faf5fa0f189eef742360cd5efecc429760544a0a6002fab8ea66d04c59202113ca1df804cc50af2adb9dba5ce94407ff22f0f1e7074d3d2ff8f703b5d5d9e

    • SSDEEP

      768:aABxHBr9wodvBHW50nmXsWjk1jpVxjfjTIkjblSBd4UN6j0jo/QIIj8j8jLzYvDj:zh9lNDZL3QwxBXpEJxrSCNhPKydZlM

    Score
    3/10
    execution
    behavioral21behavioral22

    • Target

      Moon/workspace/vape/Universal.lua

    • Size

      226KB

    • MD5

      eb95d22e5cd46115b5c8ff548ab3599b

    • SHA1

      71417ea5b9492f2822d82301908d91fab2841ef5

    • SHA256

      6d12ab4dde5a0ce57e6d5e310b1c0f6c5e565544527812fc413d077c79d6422d

    • SHA512

      92819f008eb0f1c8a742eee965ea638791173ea9887ac80664fe56dc3f7ec58a90db60a42de3c2ccbaaa332543bf6fa444008bd765bfb00e03efbc584c0c0fc1

    • SSDEEP

      3072:z+wBs0BFell2p68duxfceqHO6KqTPuJ+2M0lGC4k/fPS345bNa3jaQbbmRja0bbb:z+oBBFellywcZiGRewEHvoHpa92YH

    Score
    3/10
    execution
    behavioral23behavioral24

MITRE ATT&CK Enterprise v15

Tasks

static1

vmprotectdiscordrat
Score
10/10

behavioral1

discordratdiscoverypersistenceratrootkitstealer
Score
10/10

behavioral2

Score
1/10

behavioral3

discordratpersistenceratrootkitstealer
Score
10/10

behavioral4

discordratpersistenceratrootkitstealer
Score
10/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

vmprotect
Score
7/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

discovery
Score
3/10

behavioral12

Score
1/10

behavioral13

execution
Score
3/10

behavioral14

execution
Score
3/10

behavioral15

execution
Score
3/10

behavioral16

execution
Score
3/10

behavioral17

execution
Score
3/10

behavioral18

execution
Score
3/10

behavioral19

execution
Score
3/10

behavioral20

execution
Score
3/10

behavioral21

execution
Score
3/10

behavioral22

execution
Score
3/10

behavioral23

execution
Score
3/10

behavioral24

execution
Score
3/10