Source: XdPHZWGz4k.exe, 00000001.00000003.272829886.000000001C984000.00000004.00000001.sdmp, XdPHZWGz4k.exe, 0000000C.00000002.321493569.000000001CFC0000.00000004.00000001.sdmp, XdPHZWGz4k.exe, 00000010.00000002.340329280.000000000304D000.00000004.00000001.sdmp | String found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c0 |
Source: XdPHZWGz4k.exe, 00000001.00000002.274406226.00000000026AA000.00000004.00000001.sdmp, XdPHZWGz4k.exe, 0000000C.00000003.318001084.000000001D007000.00000004.00000001.sdmp, XdPHZWGz4k.exe, 00000010.00000002.340408555.000000000308A000.00000004.00000001.sdmp | String found in binary or memory: http://cacerts.digicert.com/CloudflareIncRSACA-2.crt0 |
Source: XdPHZWGz4k.exe, 00000001.00000002.274321032.000000000267E000.00000004.00000001.sdmp, XdPHZWGz4k.exe, 0000000C.00000002.321493569.000000001CFC0000.00000004.00000001.sdmp, XdPHZWGz4k.exe, 00000010.00000002.340329280.000000000304D000.00000004.00000001.sdmp | String found in binary or memory: http://cps.letsencrypt.org0 |
Source: XdPHZWGz4k.exe, 00000001.00000003.272829886.000000001C984000.00000004.00000001.sdmp, XdPHZWGz4k.exe, 0000000C.00000002.321493569.000000001CFC0000.00000004.00000001.sdmp, XdPHZWGz4k.exe, 00000010.00000002.340329280.000000000304D000.00000004.00000001.sdmp | String found in binary or memory: http://cps.root-x1.letsencrypt.org0 |
Source: XdPHZWGz4k.exe, 00000001.00000003.272829886.000000001C984000.00000004.00000001.sdmp, XdPHZWGz4k.exe, 0000000C.00000002.321493569.000000001CFC0000.00000004.00000001.sdmp, XdPHZWGz4k.exe, 00000010.00000002.340329280.000000000304D000.00000004.00000001.sdmp | String found in binary or memory: http://crl.identrust.com/DSTROOTCAX3CRL.crl0 |
Source: XdPHZWGz4k.exe, 00000001.00000002.274406226.00000000026AA000.00000004.00000001.sdmp, XdPHZWGz4k.exe, 0000000C.00000003.318001084.000000001D007000.00000004.00000001.sdmp, XdPHZWGz4k.exe, 00000010.00000002.340408555.000000000308A000.00000004.00000001.sdmp | String found in binary or memory: http://crl3.digicert.com/CloudflareIncRSACA-2.crl07 |
Source: XdPHZWGz4k.exe, 00000001.00000002.274406226.00000000026AA000.00000004.00000001.sdmp, XdPHZWGz4k.exe, 0000000C.00000003.318001084.000000001D007000.00000004.00000001.sdmp, XdPHZWGz4k.exe, 00000010.00000002.340408555.000000000308A000.00000004.00000001.sdmp | String found in binary or memory: http://crl3.digicert.com/Omniroot2025.crl0m |
Source: XdPHZWGz4k.exe, 00000010.00000002.343098466.000000001D0D3000.00000004.00000001.sdmp | String found in binary or memory: http://crl4.digic |
Source: XdPHZWGz4k.exe, 00000001.00000002.274406226.00000000026AA000.00000004.00000001.sdmp, XdPHZWGz4k.exe, 0000000C.00000003.318001084.000000001D007000.00000004.00000001.sdmp, XdPHZWGz4k.exe, 00000010.00000002.340408555.000000000308A000.00000004.00000001.sdmp | String found in binary or memory: http://crl4.digicert.com/CloudflareIncRSACA-2.crl0 |
Source: XdPHZWGz4k.exe, 00000001.00000002.274406226.00000000026AA000.00000004.00000001.sdmp, XdPHZWGz4k.exe, 0000000C.00000002.319503161.0000000002E58000.00000004.00000001.sdmp, XdPHZWGz4k.exe, 00000010.00000002.340408555.000000000308A000.00000004.00000001.sdmp | String found in binary or memory: http://discord.com |
Source: XdPHZWGz4k.exe, 00000001.00000003.272968518.00000000007F9000.00000004.00000001.sdmp | String found in binary or memory: http://go.micz |
Source: XdPHZWGz4k.exe, 00000001.00000002.274271699.000000000264C000.00000004.00000001.sdmp, XdPHZWGz4k.exe, 0000000C.00000002.319475097.0000000002E4B000.00000004.00000001.sdmp, XdPHZWGz4k.exe, 00000010.00000002.340329280.000000000304D000.00000004.00000001.sdmp | String found in binary or memory: http://ip-api.com |
Source: XdPHZWGz4k.exe | String found in binary or memory: http://ip-api.com//json/ |
Source: XdPHZWGz4k.exe, 00000001.00000002.274383164.00000000026A4000.00000004.00000001.sdmp, XdPHZWGz4k.exe, 0000000C.00000002.319475097.0000000002E4B000.00000004.00000001.sdmp, XdPHZWGz4k.exe, 00000010.00000002.340390852.0000000003081000.00000004.00000001.sdmp | String found in binary or memory: http://ip-api.com//json/84.17.52.41 |
Source: XdPHZWGz4k.exe, 00000001.00000002.274271699.000000000264C000.00000004.00000001.sdmp, XdPHZWGz4k.exe, 0000000C.00000002.319342827.0000000002E1D000.00000004.00000001.sdmp, XdPHZWGz4k.exe, 00000010.00000002.340329280.000000000304D000.00000004.00000001.sdmp | String found in binary or memory: http://ip-api.comx |
Source: XdPHZWGz4k.exe, 00000001.00000002.274298274.000000000266D000.00000004.00000001.sdmp, XdPHZWGz4k.exe, 0000000C.00000002.319342827.0000000002E1D000.00000004.00000001.sdmp, XdPHZWGz4k.exe, 00000010.00000002.340329280.000000000304D000.00000004.00000001.sdmp | String found in binary or memory: http://ip4.seeip.org |
Source: XdPHZWGz4k.exe, 00000001.00000002.274406226.00000000026AA000.00000004.00000001.sdmp, XdPHZWGz4k.exe, 0000000C.00000003.318001084.000000001D007000.00000004.00000001.sdmp, XdPHZWGz4k.exe, 00000010.00000002.340408555.000000000308A000.00000004.00000001.sdmp | String found in binary or memory: http://ocsp.digicert.com0 |
Source: XdPHZWGz4k.exe, 00000001.00000002.274406226.00000000026AA000.00000004.00000001.sdmp, XdPHZWGz4k.exe, 0000000C.00000003.318001084.000000001D007000.00000004.00000001.sdmp, XdPHZWGz4k.exe, 00000010.00000002.340408555.000000000308A000.00000004.00000001.sdmp | String found in binary or memory: http://ocsp.digicert.com0: |
Source: XdPHZWGz4k.exe, 00000001.00000002.274321032.000000000267E000.00000004.00000001.sdmp, XdPHZWGz4k.exe, 0000000C.00000002.321493569.000000001CFC0000.00000004.00000001.sdmp, XdPHZWGz4k.exe, 00000010.00000002.340329280.000000000304D000.00000004.00000001.sdmp | String found in binary or memory: http://r3.i.lencr.org/05 |
Source: XdPHZWGz4k.exe, 00000001.00000002.274321032.000000000267E000.00000004.00000001.sdmp, XdPHZWGz4k.exe, 0000000C.00000002.321493569.000000001CFC0000.00000004.00000001.sdmp, XdPHZWGz4k.exe, 00000010.00000002.340329280.000000000304D000.00000004.00000001.sdmp | String found in binary or memory: http://r3.o.lencr.org0 |
Source: XdPHZWGz4k.exe, 00000001.00000002.274271699.000000000264C000.00000004.00000001.sdmp, XdPHZWGz4k.exe, 0000000C.00000002.319252949.0000000002DF9000.00000004.00000001.sdmp, XdPHZWGz4k.exe, 00000010.00000002.340284669.0000000003029000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: XdPHZWGz4k.exe, 00000001.00000002.274406226.00000000026AA000.00000004.00000001.sdmp, XdPHZWGz4k.exe, 0000000C.00000003.318001084.000000001D007000.00000004.00000001.sdmp, XdPHZWGz4k.exe, 00000010.00000002.340408555.000000000308A000.00000004.00000001.sdmp | String found in binary or memory: http://www.digicert.com/CPS0v |
Source: XdPHZWGz4k.exe, 00000001.00000003.272829886.000000001C984000.00000004.00000001.sdmp, XdPHZWGz4k.exe, 0000000C.00000002.321493569.000000001CFC0000.00000004.00000001.sdmp, XdPHZWGz4k.exe, 00000010.00000002.340329280.000000000304D000.00000004.00000001.sdmp | String found in binary or memory: http://x1.c.lencr.org/0 |
Source: XdPHZWGz4k.exe, 00000001.00000003.272829886.000000001C984000.00000004.00000001.sdmp, XdPHZWGz4k.exe, 0000000C.00000002.321493569.000000001CFC0000.00000004.00000001.sdmp, XdPHZWGz4k.exe, 00000010.00000002.340329280.000000000304D000.00000004.00000001.sdmp | String found in binary or memory: http://x1.i.lencr.org/0 |
Source: XdPHZWGz4k.exe, 00000001.00000002.274650996.0000000002811000.00000004.00000001.sdmp, ConDrv.1.dr | String found in binary or memory: https://cdn.discordapp.com/attachments/882953645983957012/883254211461136404/cookies.txt |
Source: XdPHZWGz4k.exe, 00000001.00000002.274686155.0000000002830000.00000004.00000001.sdmp, ConDrv.1.dr | String found in binary or memory: https://cdn.discordapp.com/attachments/882953645983957012/883254213243719690/passwords.txt |
Source: XdPHZWGz4k.exe, 00000001.00000002.274730267.0000000002850000.00000004.00000001.sdmp, ConDrv.1.dr | String found in binary or memory: https://cdn.discordapp.com/attachments/882953645983957012/883254216330711070/Capture.jpg |
Source: XdPHZWGz4k.exe, 0000000C.00000002.319787894.0000000002EFA000.00000004.00000001.sdmp, ConDrv.12.dr | String found in binary or memory: https://cdn.discordapp.com/attachments/882953645983957012/883254299721863178/cookies.txt |
Source: XdPHZWGz4k.exe, 0000000C.00000002.320128808.0000000002FE9000.00000004.00000001.sdmp, ConDrv.12.dr | String found in binary or memory: https://cdn.discordapp.com/attachments/882953645983957012/883254301399584779/passwords.txt |
Source: XdPHZWGz4k.exe, 0000000C.00000002.320190582.0000000003000000.00000004.00000001.sdmp, ConDrv.12.dr | String found in binary or memory: https://cdn.discordapp.com/attachments/882953645983957012/883254304713080833/Capture.jpg |
Source: XdPHZWGz4k.exe, 00000010.00000002.340579707.00000000031F1000.00000004.00000001.sdmp, ConDrv.16.dr | String found in binary or memory: https://cdn.discordapp.com/attachments/882953645983957012/883254341446795304/cookies.txt |
Source: XdPHZWGz4k.exe, 00000010.00000002.340604241.0000000003210000.00000004.00000001.sdmp, ConDrv.16.dr | String found in binary or memory: https://cdn.discordapp.com/attachments/882953645983957012/883254343187447818/passwords.txt |
Source: XdPHZWGz4k.exe, 00000010.00000002.340625873.0000000003230000.00000004.00000001.sdmp, ConDrv.16.dr | String found in binary or memory: https://cdn.discordapp.com/attachments/882953645983957012/883254346521927710/Capture.jpg |
Source: XdPHZWGz4k.exe | String found in binary or memory: https://cdn.discordapp.com/avatars/ |
Source: XdPHZWGz4k.exe, 00000001.00000002.274406226.00000000026AA000.00000004.00000001.sdmp, XdPHZWGz4k.exe, 0000000C.00000002.319503161.0000000002E58000.00000004.00000001.sdmp, XdPHZWGz4k.exe, 00000010.00000002.340408555.000000000308A000.00000004.00000001.sdmp | String found in binary or memory: https://discord.com |
Source: XdPHZWGz4k.exe | String found in binary or memory: https://discord.com/api/webhooks/882954273980284939/Oo5CKwHMkILgJiucQhx_aJyEIHFxNaStS_Rgc-0H9Qm-hz7q |
Source: XdPHZWGz4k.exe, 00000001.00000002.274686155.0000000002830000.00000004.00000001.sdmp, XdPHZWGz4k.exe, 0000000C.00000002.320190582.0000000003000000.00000004.00000001.sdmp, XdPHZWGz4k.exe, 00000010.00000002.340625873.0000000003230000.00000004.00000001.sdmp | String found in binary or memory: https://discord.com8 |
Source: XdPHZWGz4k.exe, 00000001.00000002.274406226.00000000026AA000.00000004.00000001.sdmp, XdPHZWGz4k.exe, 0000000C.00000002.319503161.0000000002E58000.00000004.00000001.sdmp, XdPHZWGz4k.exe, 00000010.00000002.340408555.000000000308A000.00000004.00000001.sdmp | String found in binary or memory: https://discord.comx |
Source: XdPHZWGz4k.exe | String found in binary or memory: https://discordapp.com/api/v8/users/ |
Source: XdPHZWGz4k.exe | String found in binary or memory: https://i.imgur.com/vgxBhmx.png |
Source: XdPHZWGz4k.exe, 00000001.00000002.274650996.0000000002811000.00000004.00000001.sdmp, XdPHZWGz4k.exe, 0000000C.00000002.319787894.0000000002EFA000.00000004.00000001.sdmp, XdPHZWGz4k.exe, 00000010.00000002.340579707.00000000031F1000.00000004.00000001.sdmp | String found in binary or memory: https://i.imgur.com/vgxBhmx.pngultipart/form-data |
Source: XdPHZWGz4k.exe | String found in binary or memory: https://ip4.seeip.org |
Source: XdPHZWGz4k.exe, 00000010.00000002.340284669.0000000003029000.00000004.00000001.sdmp | String found in binary or memory: https://ip4.seeip.org/ |
Source: XdPHZWGz4k.exe, 00000001.00000002.274271699.000000000264C000.00000004.00000001.sdmp, XdPHZWGz4k.exe, 0000000C.00000002.319252949.0000000002DF9000.00000004.00000001.sdmp, XdPHZWGz4k.exe, 00000010.00000002.340284669.0000000003029000.00000004.00000001.sdmp | String found in binary or memory: https://ip4.seeip.orgx |
Source: XdPHZWGz4k.exe, 00000001.00000002.274650996.0000000002811000.00000004.00000001.sdmp, ConDrv.1.dr | String found in binary or memory: https://media.discordapp.net/attachments/882953645983957012/883254211461136404/cookies.txt |
Source: XdPHZWGz4k.exe, 00000001.00000002.274686155.0000000002830000.00000004.00000001.sdmp, ConDrv.1.dr | String found in binary or memory: https://media.discordapp.net/attachments/882953645983957012/883254213243719690/passwords.txt |
Source: XdPHZWGz4k.exe, 00000001.00000002.274730267.0000000002850000.00000004.00000001.sdmp, ConDrv.1.dr | String found in binary or memory: https://media.discordapp.net/attachments/882953645983957012/883254216330711070/Capture.jpg |
Source: XdPHZWGz4k.exe, 0000000C.00000002.319787894.0000000002EFA000.00000004.00000001.sdmp, ConDrv.12.dr | String found in binary or memory: https://media.discordapp.net/attachments/882953645983957012/883254299721863178/cookies.txt |
Source: XdPHZWGz4k.exe, 0000000C.00000002.320128808.0000000002FE9000.00000004.00000001.sdmp, ConDrv.12.dr | String found in binary or memory: https://media.discordapp.net/attachments/882953645983957012/883254301399584779/passwords.txt |
Source: XdPHZWGz4k.exe, 0000000C.00000002.320190582.0000000003000000.00000004.00000001.sdmp, ConDrv.12.dr | String found in binary or memory: https://media.discordapp.net/attachments/882953645983957012/883254304713080833/Capture.jpg |
Source: XdPHZWGz4k.exe, 00000010.00000002.340579707.00000000031F1000.00000004.00000001.sdmp, ConDrv.16.dr | String found in binary or memory: https://media.discordapp.net/attachments/882953645983957012/883254341446795304/cookies.txt |
Source: XdPHZWGz4k.exe, 00000010.00000002.340604241.0000000003210000.00000004.00000001.sdmp, ConDrv.16.dr | String found in binary or memory: https://media.discordapp.net/attachments/882953645983957012/883254343187447818/passwords.txt |
Source: XdPHZWGz4k.exe, 00000010.00000002.340625873.0000000003230000.00000004.00000001.sdmp, ConDrv.16.dr | String found in binary or memory: https://media.discordapp.net/attachments/882953645983957012/883254346521927710/Capture.jpg |
Source: XdPHZWGz4k.exe, 00000001.00000002.274686155.0000000002830000.00000004.00000001.sdmp, XdPHZWGz4k.exe, 00000001.00000002.274298274.000000000266D000.00000004.00000001.sdmp, XdPHZWGz4k.exe, 0000000C.00000002.320190582.0000000003000000.00000004.00000001.sdmp, XdPHZWGz4k.exe, 00000010.00000002.340625873.0000000003230000.00000004.00000001.sdmp | String found in binary or memory: https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct |
Source: XdPHZWGz4k.exe | String found in binary or memory: https://www.countryflags.io/ |
Source: XdPHZWGz4k.exe, 00000010.00000002.340408555.000000000308A000.00000004.00000001.sdmp | String found in binary or memory: https://www.countryflags.io/CH/flat/48.png |
Source: XdPHZWGz4k.exe, 00000001.00000002.274406226.00000000026AA000.00000004.00000001.sdmp, XdPHZWGz4k.exe, 0000000C.00000003.318001084.000000001D007000.00000004.00000001.sdmp, XdPHZWGz4k.exe, 00000010.00000002.340408555.000000000308A000.00000004.00000001.sdmp | String found in binary or memory: https://www.digicert.com/CPS0 |
Source: XdPHZWGz4k.exe, type: SAMPLE | Matched rule: MAL_Luna_Stealer_Apr_2021_1 date = 2021-08-29, hash4 = ce35eb5ba2f3f36b3d2742b33d3dbbe95f5ec6b93942ba20be4693528b163e3a, hash3 = 0521bb85472869598d9aa822b11edc04044dbe876dbf9900565bfdc8e02c2b21, hash2 = 93563f68975a858ff07f7eb91f4e0c997f0212d58b1755704d89fecd442d448f, hash1 = a14918133b9b818fa2e8728faa075c4f173fa69abc424f39621d6aa1405f5a18, author = Arkbird_SOLG, description = Detect Luna stealer (also Mercurial Grabber), adversary = -, reference = https://github.com/NightfallGT/Mercurial-Grabber, tlp = White |
Source: 12.2.XdPHZWGz4k.exe.bc0000.0.unpack, type: UNPACKEDPE | Matched rule: MAL_Luna_Stealer_Apr_2021_1 date = 2021-08-29, hash4 = ce35eb5ba2f3f36b3d2742b33d3dbbe95f5ec6b93942ba20be4693528b163e3a, hash3 = 0521bb85472869598d9aa822b11edc04044dbe876dbf9900565bfdc8e02c2b21, hash2 = 93563f68975a858ff07f7eb91f4e0c997f0212d58b1755704d89fecd442d448f, hash1 = a14918133b9b818fa2e8728faa075c4f173fa69abc424f39621d6aa1405f5a18, author = Arkbird_SOLG, description = Detect Luna stealer (also Mercurial Grabber), adversary = -, reference = https://github.com/NightfallGT/Mercurial-Grabber, tlp = White |
Source: 1.0.XdPHZWGz4k.exe.3a0000.0.unpack, type: UNPACKEDPE | Matched rule: MAL_Luna_Stealer_Apr_2021_1 date = 2021-08-29, hash4 = ce35eb5ba2f3f36b3d2742b33d3dbbe95f5ec6b93942ba20be4693528b163e3a, hash3 = 0521bb85472869598d9aa822b11edc04044dbe876dbf9900565bfdc8e02c2b21, hash2 = 93563f68975a858ff07f7eb91f4e0c997f0212d58b1755704d89fecd442d448f, hash1 = a14918133b9b818fa2e8728faa075c4f173fa69abc424f39621d6aa1405f5a18, author = Arkbird_SOLG, description = Detect Luna stealer (also Mercurial Grabber), adversary = -, reference = https://github.com/NightfallGT/Mercurial-Grabber, tlp = White |
Source: 16.2.XdPHZWGz4k.exe.af0000.0.unpack, type: UNPACKEDPE | Matched rule: MAL_Luna_Stealer_Apr_2021_1 date = 2021-08-29, hash4 = ce35eb5ba2f3f36b3d2742b33d3dbbe95f5ec6b93942ba20be4693528b163e3a, hash3 = 0521bb85472869598d9aa822b11edc04044dbe876dbf9900565bfdc8e02c2b21, hash2 = 93563f68975a858ff07f7eb91f4e0c997f0212d58b1755704d89fecd442d448f, hash1 = a14918133b9b818fa2e8728faa075c4f173fa69abc424f39621d6aa1405f5a18, author = Arkbird_SOLG, description = Detect Luna stealer (also Mercurial Grabber), adversary = -, reference = https://github.com/NightfallGT/Mercurial-Grabber, tlp = White |
Source: 1.2.XdPHZWGz4k.exe.3a0000.0.unpack, type: UNPACKEDPE | Matched rule: MAL_Luna_Stealer_Apr_2021_1 date = 2021-08-29, hash4 = ce35eb5ba2f3f36b3d2742b33d3dbbe95f5ec6b93942ba20be4693528b163e3a, hash3 = 0521bb85472869598d9aa822b11edc04044dbe876dbf9900565bfdc8e02c2b21, hash2 = 93563f68975a858ff07f7eb91f4e0c997f0212d58b1755704d89fecd442d448f, hash1 = a14918133b9b818fa2e8728faa075c4f173fa69abc424f39621d6aa1405f5a18, author = Arkbird_SOLG, description = Detect Luna stealer (also Mercurial Grabber), adversary = -, reference = https://github.com/NightfallGT/Mercurial-Grabber, tlp = White |
Source: 12.0.XdPHZWGz4k.exe.bc0000.0.unpack, type: UNPACKEDPE | Matched rule: MAL_Luna_Stealer_Apr_2021_1 date = 2021-08-29, hash4 = ce35eb5ba2f3f36b3d2742b33d3dbbe95f5ec6b93942ba20be4693528b163e3a, hash3 = 0521bb85472869598d9aa822b11edc04044dbe876dbf9900565bfdc8e02c2b21, hash2 = 93563f68975a858ff07f7eb91f4e0c997f0212d58b1755704d89fecd442d448f, hash1 = a14918133b9b818fa2e8728faa075c4f173fa69abc424f39621d6aa1405f5a18, author = Arkbird_SOLG, description = Detect Luna stealer (also Mercurial Grabber), adversary = -, reference = https://github.com/NightfallGT/Mercurial-Grabber, tlp = White |
Source: 16.0.XdPHZWGz4k.exe.af0000.0.unpack, type: UNPACKEDPE | Matched rule: MAL_Luna_Stealer_Apr_2021_1 date = 2021-08-29, hash4 = ce35eb5ba2f3f36b3d2742b33d3dbbe95f5ec6b93942ba20be4693528b163e3a, hash3 = 0521bb85472869598d9aa822b11edc04044dbe876dbf9900565bfdc8e02c2b21, hash2 = 93563f68975a858ff07f7eb91f4e0c997f0212d58b1755704d89fecd442d448f, hash1 = a14918133b9b818fa2e8728faa075c4f173fa69abc424f39621d6aa1405f5a18, author = Arkbird_SOLG, description = Detect Luna stealer (also Mercurial Grabber), adversary = -, reference = https://github.com/NightfallGT/Mercurial-Grabber, tlp = White |
Source: C:\Users\user\AppData\Local\Temp\XdPHZWGz4k.exe, type: DROPPED | Matched rule: MAL_Luna_Stealer_Apr_2021_1 date = 2021-08-29, hash4 = ce35eb5ba2f3f36b3d2742b33d3dbbe95f5ec6b93942ba20be4693528b163e3a, hash3 = 0521bb85472869598d9aa822b11edc04044dbe876dbf9900565bfdc8e02c2b21, hash2 = 93563f68975a858ff07f7eb91f4e0c997f0212d58b1755704d89fecd442d448f, hash1 = a14918133b9b818fa2e8728faa075c4f173fa69abc424f39621d6aa1405f5a18, author = Arkbird_SOLG, description = Detect Luna stealer (also Mercurial Grabber), adversary = -, reference = https://github.com/NightfallGT/Mercurial-Grabber, tlp = White |
Source: C:\Users\user\Desktop\XdPHZWGz4k.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Local\Temp\XdPHZWGz4k.exe | Process information set: NOOPENFILEERRORBOX |