General

  • Target

    66fcf7b770ca9f62f18c4c30e3d4597b9ba86091d737abb4f83acfd31ed81f4f

  • Size

    306KB

  • Sample

    220129-2q6f7sbdf2

  • MD5

    6cdbe9944dc0f99bd89379b5bb715ddc

  • SHA1

    75cc7159ba568fb936354473c70c338e37f1a55c

  • SHA256

    66fcf7b770ca9f62f18c4c30e3d4597b9ba86091d737abb4f83acfd31ed81f4f

  • SHA512

    fe42b09547596be9c621abb27b9c930046d2c56f7d9a924560f3c65142ca4ceaef3c0a110e2fa19bbb4c9e7a02e712edb49c4796dafa4dac23f9bf8c9cb1e6ed

Targets

    • Luminosity

      Luminosity is a RAT family that was on sale, while claiming to be a system administration utility.

    • Modifies WinLogon for persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
