blankgrabber | ed00a5f71e3527314904701a72657b5cc812b1afcfbdd13e9487dc3add12c689

Sharing

General

Target

Luna-Grabber-Alpha.zip
Size

7.2MB
Sample

250203-tkt7zswjgz
MD5

c95a5ab682cde6071300ec764565c869
SHA1

709bd30116acaca357e4a39209737bd99eb67a07
SHA256

ed00a5f71e3527314904701a72657b5cc812b1afcfbdd13e9487dc3add12c689
SHA512

cac8dac34ed6d05c2296009cd2bb3a7afa07ab58970e72d752547f9374f37059efcbed380531ed4f3d689b36fd5d91e90a67d243a50a0d7dbfc33e20eb4a272e
SSDEEP

196608:KMVFkE8DSc4eokbV5C5BTDZasMKvjx9Bu:KMV2E8D2eokJg5BTDP1F9A

Score

10^/10

Malware Config

Targets

- Target
  
  Luna-Grabber-Alpha/Builder.exe
- Size
  
  7.3MB
- MD5
  
  a215edd9d9788492b561858e44184bca
- SHA1
  
  77d8816ecce79f525c118687149e2f3b68dcb984
- SHA256
  
  7fbbefdae9adf0f81808b9decf48c08ba4a47293e80cd4855c083ab1f392c184
- SHA512
  
  64dfdf28e74a95af3cef3ad89b45d656bb49fba705665aad7878a397f18ae1c1a7e1aca2df466e80179f130b5350f0ac1eea26affe940742c2c42b8930f035ff
- SSDEEP
  
  196608:uuWYS6uOshoKMuIkhVastRL5Di3uq1D7mW:IYShOshouIkPftRL54DRX
Score

8^/10

upx collection credential_access defense_evasion discovery execution persistence privilege_escalation spyware stealer
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Drops file in Drivers directory
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  Luna-Grabber-Alpha/tools/obfuscation.py
- Size
  
  5KB
- MD5
  
  ee17063bd2e29ac3d56641df002a132e
- SHA1
  
  b3e6e24e97b1a6a4aaac1806f692fd1581455243
- SHA256
  
  098aed7ba679fd41601bef0a4299565816286aed6e7950f9636790d9d3060d96
- SHA512
  
  04d09e01f1a47dd66fd48fae4f60ba6192084053477a58cf6f60e314dea8798687451528ee867b2490269da632861f369c99a01afac54cf2324062e35cafe375
- SSDEEP
  
  96:nFJelq5XP4oL4dsJPuCLI/5xgJ5onRnGuQXcu:nnXAdsXI/5UoR58cu
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  Luna-Grabber-Alpha/tools/update.py
- Size
  
  2KB
- MD5
  
  986c41243fa69b8b7d641c5c0ae40839
- SHA1
  
  b93d3f895e7244cdd8da96eac869a0002792cb7d
- SHA256
  
  4c68b08ee9ce02e3ab1df65f135fac36712eb8a4f8970988ca12a86ad12aee99
- SHA512
  
  151e5203bf4499379dd7cef959ed30e25926575709fa79b4c451493b8a4b7128ef8ae0a873d9edfaf0fa894d3ea00bb8dbc4b780c25801e8c7c8d7a75a3bd057
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  Luna-Grabber-Alpha/tools/upx.py
- Size
  
  843B
- MD5
  
  76efb2a3ae61d0e41f069272fb783cc9
- SHA1
  
  93543bf44215c5bd59d6ece18d435e34c4847598
- SHA256
  
  3100e615d0a1bb235e18b30fc2f0974e7fa02d8c9beaf6d0550e35805e2d3edb
- SHA512
  
  68f6f2348940408198b28739448a1c0bbc6c541ef9e1226645c78fa6ef469a23efeb11188f51c350a68bdf039d0d62e9b26d3160f9324cf6981585332dfdb7cd
Score

3^/10

discovery
behavioral7 behavioral8