LunaGrabber | d765f74af0a7e3986616b3018fd6190bd389458dcd408f208cb34072ef4eef12

Resubmissions

25-01-2025 05:21

250125-f17lcsyrbl 7

13-01-2025 11:30

250113-nmm9kaspgm 10

12-01-2025 22:38

250112-2kh4qasphw 10

Analysis

max time kernel
12s
max time network
20s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
12-01-2025 22:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

final.exe
Size

28.5MB
MD5

0e8ac8c96394c6a523f41e10788dd32d
SHA1

f5d5e6f86f5f12d25d3813406239341e19e2f4b4
SHA256

d765f74af0a7e3986616b3018fd6190bd389458dcd408f208cb34072ef4eef12
SHA512

8a7ff55f0232fe1fbd4b860f82835cf7e1b7ce9d9bc6dcaad92670e811fa599fbb29b9d902db516d9c512a283168d0f71cfe458cd707d0553748adade954c7d4
SSDEEP

786432:S9Yidh5ngiRW8jjYEA8h1QtIea8DZcUTJl8+Q5++PbmSkytWx04MDIy:S9J5ngwWi8sviIv61ox+Sb5k8Wx04R

Score

10^/10

LunaGrabber redtiger luna stealer

Malware Config

Signatures

Detects RedTiger Stealer 7 IoCs

stealer

resource	yara_rule
behavioral1/files/0x00030000000209c0-1182.dat	redtigerv122
behavioral1/files/0x00030000000209c0-1182.dat	redtigerv22
behavioral1/files/0x00030000000209c0-1182.dat	redtiger_stealer_detection
behavioral1/files/0x00030000000209c0-1182.dat	redtiger_stealer_detection_v2
behavioral1/files/0x00030000000209c0-1182.dat	staticSred
behavioral1/files/0x00030000000209c0-1182.dat	staticred
behavioral1/files/0x00030000000209c0-1182.dat	redtiger_stealer_detection_v1

Lunagrabber family
LunaGrabber

Matches Luna Grabber Rule For Entry 1 IoCs

Detects behavior indicative of Luna Grabber malware

stealer luna

resource	yara_rule
behavioral1/files/0x00030000000209c0-1182.dat	LunaGrabber

Redtiger family
redtiger

Loads dropped DLL 1 IoCs

pid	Process
2288	final.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2396 wrote to memory of 2288	2396	final.exe	29
PID 2396 wrote to memory of 2288	2396	final.exe	29
PID 2396 wrote to memory of 2288	2396	final.exe	29

C:\Users\Admin\AppData\Local\Temp\final.exe
"C:\Users\Admin\AppData\Local\Temp\final.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2396
- C:\Users\Admin\AppData\Local\Temp\final.exe
  "C:\Users\Admin\AppData\Local\Temp\final.exe"
  2⤵
  - Loads dropped DLL
  PID:2288

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI23962\gevent-24.11.1.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23962\python312.dll

Filesize
6.6MB

MD5
3c388ce47c0d9117d2a50b3fa5ac981d

SHA1
038484ff7460d03d1d36c23f0de4874cbaea2c48

SHA256
c98ba3354a7d1f69bdca42560feec933ccba93afcc707391049a065e1079cddb

SHA512
e529c5c1c028be01e44a156cd0e7cad0a24b5f91e5d34697fafc395b63e37780dc0fac8f4c5d075ad8fe4bd15d62a250b818ff3d4ead1e281530a4c7e3ce6d35

Download Submit