MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ec5ab723a255e763e9c87a23d44794b70108b988c7053432177d5dadafd7e645. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


LunaLogger


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ec5ab723a255e763e9c87a23d44794b70108b988c7053432177d5dadafd7e645
SHA3-384 hash: 2037dda0bc4b56b3a560c77fbd3b425315a097906f9234780a5b33cd872c1eaa927408e69399e4b60a1790cfde69ac48
SHA1 hash: 9187f67b281cda6e8ef2100a86a135bb57610062
MD5 hash: ecd36dc06d0df833cdf3c98cfba0af49
humanhash: fruit-six-yankee-failed
File name:fme.exe
Download: download sample
Signature LunaLogger
Create hunting rule
File size:32'656'931 bytes
First seen:2022-12-31 02:54:21 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 136c2b04aed0d667b0a58b05e7fc512a (1 x LunaLogger)
ssdeep 786432:3MfXGi7IRGNVeiCHOpaB3xX1GMIxqiuCcrBc/Ctw:cf2qs2yOq3xAMwu8
Threatray 39 similar samples on MalwareBazaar
TLSH T1446733C2B395DACDD808E63DB9C1DCAA30FEFC094736C755DA2608F7A6D0FA84669111
TrID 44.4% (.EXE) Win64 Executable (generic) (10523/12/4)
21.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
8.7% (.ICL) Windows Icons Library (generic) (2059/9)
8.5% (.EXE) OS/2 Executable (generic) (2029/13)
8.4% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter atomiczsec
Tags:exe LunaLogger

Intelligence

File Origin
# of uploads :
1
# of downloads :
193
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
fme.exe
Verdict:
Malicious activity
Analysis date:
2022-12-31 02:55:04 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/8a72f868-f4c2-47db-a2b2-81d3c654ebf5

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Creating a file in the %temp% directory
Creating a process from a recently created file
Creating a file
Running batch commands
Creating a process with a hidden window
Using the Windows Management Instrumentation requests
DNS request
Sending a custom TCP request
Launching a process
Launching the process to change network settings
Сreating synchronization primitives
Enabling autorun by creating a file
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-debug greyware nanocore overlay packed spyeye tofsee
Link:
https://www.filescan.io/uploads/63afa48afc9525ae8a44c049/reports/26763e15-68a4-429c-bd9a-b5d682479389/overview
Result
Verdict:
MALICIOUS
Result
Threat name:
Discord Token Stealer, Luna Logger
Create hunting rule
Detection:
malicious
Classification:
troj
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/1143386
Signature
May check the online IP address of the machine
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected Discord Token Stealer
Yara detected Luna Logger
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 776116 Sample: fme.exe Startdate: 31/12/2022 Architecture: WINDOWS Score: 76 24 api4.ipify.org 2->24 26 api.ipify.org 2->26 28 Multi AV Scanner detection for submitted file 2->28 30 Yara detected Discord Token Stealer 2->30 32 Yara detected Luna Logger 2->32 34 May check the online IP address of the machine 2->34 10 fme.exe 1 2->10         started        signatures3 process4 file5 22 C:\Users\user\AppData\Local\Temp\44173.exe, PE32+ 10->22 dropped 13 44173.exe 501 10->13         started        process6 signatures7 36 Multi AV Scanner detection for dropped file 13->36 16 44173.exe 3 13->16         started        process8 process9 18 cmd.exe 1 16->18         started        process10 20 conhost.exe 18->20         started       
Gathering data
Threat name:
Win64.Trojan.BotX
Create hunting rule
Status:
Malicious
First seen:
2022-11-27 01:00:58 UTC
File Type:
PE+ (Exe)
AV detection:
16 of 24 (66.67%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=5rnloi5ckxtwh2oipir5ir4uw4aqromiy4ctimqxpvo23l6x4zcq._file
Verdict:
malicious
Similar samples:
08da286f669199a5c2b131f66614bbb3718b159e48885f4a2b1c9af718256dd0
LunaLogger
12a23889a21d1682c204c2530270c5e80d0666f00382ee14bed50babf68daa83
LunaLogger
20632d113408af16371070219ed4e9f260a3cc23db39fcddce2580ebf6669b5f
LunaLogger
329d77b0ab5af0e568b9d56e3c3f7afc4266bf2cea0bd816ed4e67d4c9a09692
LunaLogger
61b16d71a76f83cef63d079b0735cd0a1cee24f1119063e28ef1f227f2bb27c4
LunaLogger
6ae3599bcbb951c7fe73ab6060a654b5ced2e83cf3ff15038bec95743232425e
LunaLogger
88214cd533e440416cb5fec9e1a419ad952cd3524274110eaa8ce8e1dbcd826a
LunaLogger
937e73c80582b2c880a5af198e6520e76e22c3e1ef2fe4a8278d0b49ec61ef86
LunaLogger
c6af2ec456ad02b9eb3faf9fd9384d3dc43a55e7b1a58eec4440ee4bde1e99ce
LunaLogger
d18e18eeee28b729ec305ddbafd393f3b36a8e5d6a3ba66d8c6d0eb6a1a210d0
LunaLogger
+ 29 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
pyinstaller upx
Link:
https://tria.ge/reports/221231-def56sha83/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Detects Pyinstaller
Looks up external IP address via web service
Loads dropped DLL
Executes dropped EXE
UPX packed file
Verdict:
Unknown
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/8b1317f9-209e-49d3-af40-a5a0f19a2e6b
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/ec5ab723a255e763e9c87a23d44794b70108b988c7053432177d5dadafd7e645

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments