General

  • Target: Lunar.zip
  • Size: 8.4MB
  • Sample: 250208-ax8rcswlaz
  • MD5: 54b4a9597cad32d09ccaeb9688f37ad8
  • SHA1: 985c7fb9030152a39873976595415971d8e54f61
  • SHA256: 9dd702488ffa1609bdb850b5961feeede953fc9342adb73cc9b454fbf5dba7d6
  • SHA512: c7c1d2ddc0e28f6e687bca9a7423cd05f52631f39973f15d9610e0a0f4ac4896eb8dd52f1e0273f4d9bbe3c89fe3a1c6b3c694b7458027fea9d6338e1809fd5a
  • SSDEEP: 196608:7y1/9GRnR8W0XKvVQARY2i/l2lK3uuAz8JMa31hQAEm:7y1FYnYgD2EAusf2m

Malware Config

Targets

    • Target: Lunar - Copy/Build.exe
    • Size: 8.5MB
    • MD5: 48f7606da9522f3d4e4527fb65fb2c22
    • SHA1: 887c74d1213c796a28122280b6474e51e74a2fc5
    • SHA256: 7e4adc17672b08130e18927c17d142ee3dc31cadb460d0390f2d7e979945c6cf
    • SHA512: 6d426cb2f60cbc56144d31401f70feed85aa8b512902cafcfa74f5a5616133af2f04fb6cf812e552aa53360fed5d585e060a0a730d45d3131a010a748445249c
    • SSDEEP: 196608:Cq06IQR7wfI9jUCD6rlaZLH7qRGrGIY1X/O2YoZy8FUsOnAoF:X4IH20drLYNN9ZjoF

    Signatures

    • Command and Scripting Interpreter: PowerShell
      Uses the powershell.exe command interpreter.
    • Loads dropped DLL
    • Looks up external IP address via web service
      Uses a legitimate IP lookup service to find the infected system's external IP.
    • Enumerates processes with tasklist
    • UPX packed file
      Detects executables packed with the UPX (or a modified UPX) open-source packer.

MITRE ATT&CK Enterprise v15

Tasks