LunaGrabber | 22431a11497a177fcb5aa362c7a7a7eb21e1c9a27015233f750a24abcbb730cf

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
07-01-2025 01:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

UuuClient.exe
Size

446KB
MD5

f27ece59b091a854a1a1d94eff3f27ae
SHA1

e5b0260fafccf5c46cd066d70e2f608a39036b88
SHA256

22431a11497a177fcb5aa362c7a7a7eb21e1c9a27015233f750a24abcbb730cf
SHA512

c06be34e69f9fdc92cb4c98d3c60cd022f779f7fb155fb4f26eb96df50b0433bf8e25d904427f68ce334ef1076053c336753aba5cefac2273673c5187369d646
SSDEEP

3072:4r7fUiujm4LRk2sdVCx42LNtu2ykNARuyuY4YrMR2nR1kwGZPWMaQiDr:mRIUjCxE9kNAcyRMPRZ+hD

Score

10^/10

LunaGrabber redtiger luna stealer

Malware Config

Signatures

Detects RedTiger Stealer 21 IoCs

stealer

resource	yara_rule
behavioral1/memory/2688-1-0x0000000000310000-0x0000000000384000-memory.dmp	redtigerv122
behavioral1/memory/2688-1-0x0000000000310000-0x0000000000384000-memory.dmp	redtigerv22
behavioral1/memory/2688-1-0x0000000000310000-0x0000000000384000-memory.dmp	redtiger_stealer_detection
behavioral1/memory/2688-1-0x0000000000310000-0x0000000000384000-memory.dmp	redtiger_stealer_detection_v2
behavioral1/memory/2688-1-0x0000000000310000-0x0000000000384000-memory.dmp	staticSred
behavioral1/memory/2688-1-0x0000000000310000-0x0000000000384000-memory.dmp	staticred
behavioral1/memory/2688-1-0x0000000000310000-0x0000000000384000-memory.dmp	redtiger_stealer_detection_v1
behavioral1/memory/2688-2-0x000007FEF5980000-0x000007FEF636C000-memory.dmp	redtigerv122
behavioral1/memory/2688-2-0x000007FEF5980000-0x000007FEF636C000-memory.dmp	redtigerv22
behavioral1/memory/2688-2-0x000007FEF5980000-0x000007FEF636C000-memory.dmp	redtiger_stealer_detection
behavioral1/memory/2688-2-0x000007FEF5980000-0x000007FEF636C000-memory.dmp	redtiger_stealer_detection_v2
behavioral1/memory/2688-2-0x000007FEF5980000-0x000007FEF636C000-memory.dmp	staticSred
behavioral1/memory/2688-2-0x000007FEF5980000-0x000007FEF636C000-memory.dmp	staticred
behavioral1/memory/2688-2-0x000007FEF5980000-0x000007FEF636C000-memory.dmp	redtiger_stealer_detection_v1
behavioral1/memory/2688-3-0x000007FEF5980000-0x000007FEF636C000-memory.dmp	redtigerv122
behavioral1/memory/2688-3-0x000007FEF5980000-0x000007FEF636C000-memory.dmp	redtigerv22
behavioral1/memory/2688-3-0x000007FEF5980000-0x000007FEF636C000-memory.dmp	redtiger_stealer_detection
behavioral1/memory/2688-3-0x000007FEF5980000-0x000007FEF636C000-memory.dmp	redtiger_stealer_detection_v2
behavioral1/memory/2688-3-0x000007FEF5980000-0x000007FEF636C000-memory.dmp	staticSred
behavioral1/memory/2688-3-0x000007FEF5980000-0x000007FEF636C000-memory.dmp	staticred
behavioral1/memory/2688-3-0x000007FEF5980000-0x000007FEF636C000-memory.dmp	redtiger_stealer_detection_v1

Lunagrabber family
LunaGrabber

Matches Luna Grabber Rule For Entry 2 IoCs

Detects behavior indicative of Luna Grabber malware

stealer luna

resource	yara_rule
behavioral1/memory/2688-2-0x000007FEF5980000-0x000007FEF636C000-memory.dmp	LunaGrabber
behavioral1/memory/2688-3-0x000007FEF5980000-0x000007FEF636C000-memory.dmp	LunaGrabber

Redtiger family
redtiger

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2688 wrote to memory of 1240	2688	UuuClient.exe	30
PID 2688 wrote to memory of 1240	2688	UuuClient.exe	30
PID 2688 wrote to memory of 1240	2688	UuuClient.exe	30

C:\Users\Admin\AppData\Local\Temp\UuuClient.exe
"C:\Users\Admin\AppData\Local\Temp\UuuClient.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2688
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2688 -s 608
  2⤵
  PID:1240

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2688-0-0x000007FEF5983000-0x000007FEF5984000-memory.dmp

Filesize
4KB

Download
memory/2688-1-0x0000000000310000-0x0000000000384000-memory.dmp

Filesize
464KB

Download
memory/2688-2-0x000007FEF5980000-0x000007FEF636C000-memory.dmp

Filesize
9.9MB

Download
memory/2688-3-0x000007FEF5980000-0x000007FEF636C000-memory.dmp

Filesize
9.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads