LunaGrabber | d765f74af0a7e3986616b3018fd6190bd389458dcd408f208cb34072ef4eef12

General

Target

final.exe
Size

28.5MB
Sample

250112-2kh4qasphw
MD5

0e8ac8c96394c6a523f41e10788dd32d
SHA1

f5d5e6f86f5f12d25d3813406239341e19e2f4b4
SHA256

d765f74af0a7e3986616b3018fd6190bd389458dcd408f208cb34072ef4eef12
SHA512

8a7ff55f0232fe1fbd4b860f82835cf7e1b7ce9d9bc6dcaad92670e811fa599fbb29b9d902db516d9c512a283168d0f71cfe458cd707d0553748adade954c7d4
SSDEEP

786432:S9Yidh5ngiRW8jjYEA8h1QtIea8DZcUTJl8+Q5++PbmSkytWx04MDIy:S9J5ngwWi8sviIv61ox+Sb5k8Wx04R

Score

10^/10

Malware Config

Targets

- Target
  
  final.exe
- Size
  
  28.5MB
- MD5
  
  0e8ac8c96394c6a523f41e10788dd32d
- SHA1
  
  f5d5e6f86f5f12d25d3813406239341e19e2f4b4
- SHA256
  
  d765f74af0a7e3986616b3018fd6190bd389458dcd408f208cb34072ef4eef12
- SHA512
  
  8a7ff55f0232fe1fbd4b860f82835cf7e1b7ce9d9bc6dcaad92670e811fa599fbb29b9d902db516d9c512a283168d0f71cfe458cd707d0553748adade954c7d4
- SSDEEP
  
  786432:S9Yidh5ngiRW8jjYEA8h1QtIea8DZcUTJl8+Q5++PbmSkytWx04MDIy:S9J5ngwWi8sviIv61ox+Sb5k8Wx04R
Score

10^/10

LunaGrabber redtiger luna stealer defense_evasion discovery evasion execution exploit impact persistence privilege_escalation pyinstaller ransomware spyware trojan
- Detects RedTiger Stealer
  stealer
- Lunagrabber family
  LunaGrabber
- Matches Luna Grabber Rule For Entry
  Detects behavior indicative of Luna Grabber malware
  stealer luna
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Redtiger family
  redtiger
- UAC bypass
  evasion trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware defense_evasion impact execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Disables cmd.exe use via registry modification
  evasion
- Drops file in Drivers directory
- Possible privilege escalation attempt
  exploit
- Drops startup file
- Executes dropped EXE
- Impair Defenses: Safe Mode Boot
  defense_evasion
- Loads dropped DLL
- Modifies file permissions
  discovery
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist
  discovery
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
behavioral1 behavioral2