LunaGrabber | 847fb7609f53ed334d5affbb07256c21cb5e6f68b1cc14004f5502d714d2a456

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
07-01-2025 04:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

asss1.exe
Size

14.3MB
MD5

db7a7403e5e248d0e96efe67cef73449
SHA1

11331c98855fdf42bd94a84687661c682336fea9
SHA256

847fb7609f53ed334d5affbb07256c21cb5e6f68b1cc14004f5502d714d2a456
SHA512

4fcf43cc7d337dbe17273e217acc6e98617fc153bf1e8295be6ba7b2afe3c7efca86d5e7eddc1fdf1212c74f1cd1803c5b6b0164e4322d89757cc6897b7313f0
SSDEEP

196608:h05ZqLIe01fXHitqWTpYCq2+2PFL+gY83fJu38IRAsgqsU8fyguPV:hQqL4i0y1K2IUYMIAsV

Score

10^/10

LunaGrabber blackcat redtiger discovery luna ransomware stealer

Malware Config

Signatures

BlackCat
A Rust-based ransomware sold as RaaS first seen in late 2021.
ransomware blackcat
Blackcat family
blackcat

Detects RedTiger Stealer 7 IoCs

stealer

resource	yara_rule
behavioral2/memory/4768-0-0x0000000000230000-0x000000000107C000-memory.dmp	redtigerv122
behavioral2/memory/4768-0-0x0000000000230000-0x000000000107C000-memory.dmp	redtigerv22
behavioral2/memory/4768-0-0x0000000000230000-0x000000000107C000-memory.dmp	redtiger_stealer_detection
behavioral2/memory/4768-0-0x0000000000230000-0x000000000107C000-memory.dmp	redtiger_stealer_detection_v2
behavioral2/memory/4768-0-0x0000000000230000-0x000000000107C000-memory.dmp	staticSred
behavioral2/memory/4768-0-0x0000000000230000-0x000000000107C000-memory.dmp	staticred
behavioral2/memory/4768-0-0x0000000000230000-0x000000000107C000-memory.dmp	redtiger_stealer_detection_v1

Lunagrabber family
LunaGrabber

Matches Luna Grabber Rule For Entry 1 IoCs

Detects behavior indicative of Luna Grabber malware

stealer luna

resource	yara_rule
behavioral2/memory/4768-0-0x0000000000230000-0x000000000107C000-memory.dmp	LunaGrabber

Redtiger family
redtiger

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	asss1.exe

C:\Users\Admin\AppData\Local\Temp\asss1.exe
"C:\Users\Admin\AppData\Local\Temp\asss1.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4768-0-0x0000000000230000-0x000000000107C000-memory.dmp

Filesize
14.3MB

Download