LunaGrabber | Fivem_poablo_gay[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

Fivem_poablo_gay.exe
Size

3.4MB
MD5

e2466a075791161e48689e08c0134b88
SHA1

8cebf58060ab85fa77d420a5e1e751a0009f00fc
SHA256

410bb106acb167fb986dda1e4b951510cb7dbe266bb26228759391e9fbbb711c
SHA512

174552955e4723bc9afa34c0253408bfd38dcd14e2df9a4e721ba3060034aea9cb856973bc7288e4d0feeaba3b3850c2f5a935802c56dda1d8d17f8c0766ce8b
SSDEEP

98304:1+AmEr7yJyDxFLVj0cvjVqxdAGTZ10tb:rr7yJyDxFLVgYVGdAGr+

Score

10^/10

stealer luna LunaGrabber redtiger

Malware Config

Signatures

Detects RedTiger Stealer 7 IoCs

stealer

resource	yara_rule
sample	redtigerv122
sample	redtigerv22
sample	redtiger_stealer_detection
sample	redtiger_stealer_detection_v2
sample	staticSred
sample	staticred
sample	redtiger_stealer_detection_v1

LunaGrabber family
LunaGrabber

Matches Luna Grabber Rule For Entry 1 IoCs

Detects behavior indicative of Luna Grabber malware

stealer luna

resource	yara_rule
sample	LunaGrabber

Redtiger family
redtiger

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Fivem_poablo_gay.exe

Files

Fivem_poablo_gay.exe
.exe windows:6 windows x64 arch:x64

629a0aa6d29aabfd4837e55da8f9800c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Xenon\Desktop\viperx\x64\Release\Fivem-External.pdb

Imports

dwmapi

DwmExtendFrameIntoClientArea

crypt32

CertFreeCertificateChain
CertGetCertificateChain
CertOpenStore
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringW
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryW
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore

d3d11

D3D11CreateDeviceAndSwapChain

advapi32

RevertToSelf
CryptDestroyKey
SystemFunction036
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
SetSecurityInfo
IsValidSid
InitializeAcl
GetLengthSid
AddAccessAllowedAce
LookupPrivilegeValueW
PrivilegeCheck
SetTokenInformation
OpenProcessToken
CryptEncrypt
SetThreadToken
RegQueryValueExW
GetTokenInformation
DuplicateTokenEx
CreateProcessAsUserW
CryptImportKey

d3dx11_43

D3DX11CreateShaderResourceViewFromMemory

ntdll

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
VerSetConditionMask

winhttp

WinHttpCloseHandle
WinHttpSendRequest
WinHttpConnect
WinHttpOpenRequest
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpOpen

kernel32

GetStartupInfoW
GetCommandLineW
GetCurrentProcess
OpenProcess
CreateToolhelp32Snapshot
GetLastError
Process32NextW
Process32FirstW
CloseHandle
ExitProcess
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
GetModuleHandleA
GetLocaleInfoA
LoadLibraryA
QueryPerformanceFrequency
GetProcAddress
FreeLibrary
QueryPerformanceCounter
GetModuleHandleW
WriteProcessMemory
CreateFileW
AddVectoredExceptionHandler
InitializeCriticalSectionEx
DeleteCriticalSection
Sleep
CreateThread
CreateProcessW
VirtualProtect
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetModuleFileNameA
GetModuleFileNameW
QueryFullProcessImageNameW
SetLastError
FormatMessageW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
LocalFree
GetSystemDirectoryW
LoadLibraryW
SleepEx
GetSystemInfo
GetTickCount
MoveFileExW
WaitForSingleObjectEx
GetEnvironmentVariableA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
GetCurrentProcessId
VerifyVersionInfoW
GetFileSizeEx
GetFileAttributesExW
AreFileApisANSI
GetFileInformationByHandleEx
WakeAllConditionVariable
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
FindFirstFileW
FindClose
CreateDirectoryW
GetCurrentDirectoryW
GetLocaleInfoEx
FormatMessageA
GetCurrentThreadId
SleepConditionVariableSRW
ReadProcessMemory

user32

DefWindowProcW
CreateWindowExW
MessageBoxA
MapWindowPoints
MoveWindow
SetWindowLongW
SetForegroundWindow
GetKeyState
GetMessageExtraInfo
ScreenToClient
DispatchMessageW
CloseClipboard
GetAsyncKeyState
SetClipboardData
GetCapture
ClientToScreen
TranslateMessage
GetClipboardData
EmptyClipboard
OpenClipboard
GetCursorPos
SetCursorPos
ReleaseCapture
IsWindowUnicode
GetClientRect
SetCursor
PeekMessageW
SetCapture
LoadCursorW
GetForegroundWindow
GetKeyboardLayout
TrackMouseEvent

shell32

ShellExecuteA

msvcp140

?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?id@?$ctype@D@std@@2V0locale@2@A
_Query_perf_frequency
?_Throw_Cpp_error@std@@YAXH@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
_Cnd_do_broadcast_at_thread_exit
_Query_perf_counter
_Thrd_detach
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?uncaught_exceptions@std@@YAHXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Xbad_function_call@std@@YAXXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?good@ios_base@std@@QEBA_NXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPEBDH@Z
_Mtx_lock
_Mtx_unlock
?_Random_device@std@@YAIXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Xinvalid_argument@std@@YAXPEBD@Z
_Xtime_get_ticks
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??7ios_base@std@@QEBA_NXZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow
ImmSetCandidateWindow

d3dcompiler_43

D3DCompile

shlwapi

PathFindFileNameW

psapi

GetModuleInformation

bcrypt

BCryptGenRandom

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__current_exception_context
__current_exception
__C_specific_handler
wcschr
__std_exception_destroy
strrchr
__std_exception_copy
memset
__std_terminate
memmove
strstr
strchr
memcpy
memcmp
memchr
_CxxThrowException

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
free
calloc
_set_new_mode
realloc

api-ms-win-crt-runtime-l1-1-0

_errno
__sys_errlist
__sys_nerr
abort
_beginthreadex
terminate
_invalid_parameter_noinfo_noreturn
_register_thread_local_exe_atexit_callback
_c_exit
system
_exit
exit
_initterm_e
_initterm
_get_wide_winmain_command_line
_initialize_wide_environment
_configure_wide_argv
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table

api-ms-win-crt-stdio-l1-1-0

__p__commode
_get_stream_buffer_pointers
_lseeki64
ftell
__acrt_iob_func
fputc
_wopen
fsetpos
fseek
__stdio_common_vfprintf
feof
fputs
ungetc
fflush
_fseeki64
_read
fclose
fgetc
fwrite
_write
_wfopen
_fileno
_close
fread
__stdio_common_vsprintf
fgetpos
_popen
_pclose
fgets
_set_fmode
setvbuf
__stdio_common_vsscanf

api-ms-win-crt-math-l1-1-0

powf
sinf
fmodf
cosf
ceilf
acosf
_fdopen
__setusermatherr
_dsign
sqrtf

api-ms-win-crt-convert-l1-1-0

strtoull
strtoul
strtoll
strtod
wcstombs
strtol
atoi

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file
_wstat64
_fstat64
_unlink

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
_configthreadlocale
localeconv

api-ms-win-crt-string-l1-1-0

_wcsdup
strncpy
strcspn
wcspbrk
strspn
wcsncmp
strpbrk
_wcsicmp
wcsncpy
_strdup
strncmp
strcmp

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-time-l1-1-0

_localtime64
strftime
_time64
_gmtime64

ws2_32

sendto
WSAGetLastError
inet_pton
WSAWaitForMultipleEvents
ntohs
WSASetLastError
inet_ntop
WSAStartup
WSACleanup
bind
connect
getpeername
getsockname
htons
recv
setsockopt
getsockopt
send
socket
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAIoctl
__WSAFDIsSet
WSAEventSelect
WSAResetEvent
select
accept
gethostname
ioctlsocket
closesocket
recvfrom
freeaddrinfo
htonl
getaddrinfo
listen

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 70KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

629a0aa6d29aabfd4837e55da8f9800c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

dwmapi

crypt32

d3d11

advapi32

d3dx11_43

ntdll

winhttp

kernel32

user32

shell32

msvcp140

imm32

d3dcompiler_43

shlwapi

psapi

bcrypt

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-time-l1-1-0

ws2_32

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 2.2MB - Virtual size: 2.2MB

.data Size: 70KB - Virtual size: 75KB

.pdata Size: 45KB - Virtual size: 45KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 2.2MB - Virtual size: 2.2MB

.data
Size: 70KB - Virtual size: 75KB

.pdata
Size: 45KB - Virtual size: 45KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 3KB - Virtual size: 3KB