TS-240518-Luna6.exe

Status: finished
Submission Time: 2024-05-18 04:34:13 +02:00
Malicious
Trojan
Luna Logger

Tags

  • exe

Details

  • Analysis ID:
    1443688
  • API (Web) ID:
    1443688
  • Analysis Started:
    2024-05-18 04:34:14 +02:00
  • Analysis Finished:
    2024-05-18 04:43:33 +02:00
  • MD5:
    9bbee5d6aa4567f3f38c3e499041df6a
  • SHA1:
    17150815e194897c348f588db8eacc915f4d4974
  • SHA256:
    ddac3b2f0fa734edf2a07db0ceec19c3926b9423314e3138dc29a0568a1cdcd9
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
malicious
Score: 68
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
Score: 31/71
malicious
Score: 14/24
malicious

IPs

IP Country Detection
104.26.13.205
United States

Domains

Name IP Detection
api.ipify.org
104.26.13.205

URLs

Name Detection

Dropped files

No malicious files found. See full and IOC report for all dropped files.