LunaGrabber | 9bf844781662c6e68157fe3c474808c6e6941255f904559ff0bf4296731a7a4f

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
06-01-2025 22:28

Target

quiet.exe
Size

7.7MB
MD5

4bd1435b6522cf01cd33f515e56c56c0
SHA1

c508ed99f7f769cec65a590ffcd0337435fc4156
SHA256

9bf844781662c6e68157fe3c474808c6e6941255f904559ff0bf4296731a7a4f
SHA512

cc431582aeee1fef42074e8fd2baa3426f8da484f697dd6b2bd80e81b919cead6f0821a21cd4ac19e3fdf727da131bac64ea4522bea7a082787a89254abeabae
SSDEEP

196608:5oD+kdYwfI9jUCBB7m+mKOY7rXrZusooDmhfvsbnTNW/:K5NIHL7HmBYXrYoaUNs

Score

10^/10

Detects RedTiger Stealer 14 IoCs

stealer

resource	yara_rule
behavioral1/files/0x000500000001a497-22.dat	redtigerv122
behavioral1/files/0x000500000001a497-22.dat	redtigerv22
behavioral1/files/0x000500000001a497-22.dat	redtiger_stealer_detection
behavioral1/files/0x000500000001a497-22.dat	redtiger_stealer_detection_v2
behavioral1/files/0x000500000001a497-22.dat	staticSred
behavioral1/files/0x000500000001a497-22.dat	staticred
behavioral1/files/0x000500000001a497-22.dat	redtiger_stealer_detection_v1
behavioral1/memory/1680-24-0x000007FEF5A30000-0x000007FEF6095000-memory.dmp	redtigerv122
behavioral1/memory/1680-24-0x000007FEF5A30000-0x000007FEF6095000-memory.dmp	redtigerv22
behavioral1/memory/1680-24-0x000007FEF5A30000-0x000007FEF6095000-memory.dmp	redtiger_stealer_detection
behavioral1/memory/1680-24-0x000007FEF5A30000-0x000007FEF6095000-memory.dmp	redtiger_stealer_detection_v2
behavioral1/memory/1680-24-0x000007FEF5A30000-0x000007FEF6095000-memory.dmp	staticSred
behavioral1/memory/1680-24-0x000007FEF5A30000-0x000007FEF6095000-memory.dmp	staticred
behavioral1/memory/1680-24-0x000007FEF5A30000-0x000007FEF6095000-memory.dmp	redtiger_stealer_detection_v1

Matches Luna Grabber Rule For Entry 1 IoCs

Detects behavior indicative of Luna Grabber malware

resource	yara_rule
behavioral1/files/0x000500000001a497-22.dat	LunaGrabber

Loads dropped DLL 1 IoCs

pid	Process
1680	quiet.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x000500000001a497-22.dat	upx
behavioral1/memory/1680-24-0x000007FEF5A30000-0x000007FEF6095000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1720 wrote to memory of 1680	1720	quiet.exe	30
PID 1720 wrote to memory of 1680	1720	quiet.exe	30
PID 1720 wrote to memory of 1680	1720	quiet.exe	30

C:\Users\Admin\AppData\Local\Temp\quiet.exe
"C:\Users\Admin\AppData\Local\Temp\quiet.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1720
- C:\Users\Admin\AppData\Local\Temp\quiet.exe
  "C:\Users\Admin\AppData\Local\Temp\quiet.exe"
  2⤵
  - Loads dropped DLL
  PID:1680

C:\Users\Admin\AppData\Local\Temp\_MEI17202\python313.dll

Filesize
1.8MB

MD5
9a3d3ae5745a79d276b05a85aea02549

SHA1
a5e60cac2ca606df4f7646d052a9c0ea813e7636

SHA256
09693bab682495b01de8a24c435ca5900e11d2d0f4f0807dae278b3a94770889

SHA512
46840b820ee3c0fa511596124eb364da993ec7ae1670843a15afd40ac63f2c61846434be84d191bd53f7f5f4e17fad549795822bb2b9c792ac22a1c26e5adf69

Download Submit
memory/1680-24-0x000007FEF5A30000-0x000007FEF6095000-memory.dmp

Filesize
6.4MB

Download