General

  • Target

    ad6745f26abfb80e1f8557dbbb9427d1c7553bdb1758b6bc0c286472bf29c3da

  • Size

    267KB

  • Sample

    220520-2a7z4aabcl

  • MD5

    5c8b5fa968dd56fe508141c917605957

  • SHA1

    36558ae617e95b96f4aa617a01ddcd108a3330d4

  • SHA256

    ad6745f26abfb80e1f8557dbbb9427d1c7553bdb1758b6bc0c286472bf29c3da

  • SHA512

    3fd8ab606e7157dc958274bd452253e7bb9f415c96cd8eaa0db4cc36e4b6e4ae855d135f26276108d1dee19b8c7be0e88a5135ea34751a7795bb6e018f3eee82

Malware Config

Targets

    • Target

      New PO 8003987747484873672020.exe

    • Size

      293KB

    • MD5

      7c1768b63f9baa0720999f746e56a3ec

    • SHA1

      8bb578ad423522f6f7c54275ed8269601ee68bd7

    • SHA256

      2db7aa7291c73bde092cd4cc8af0aff7eac7245ae5b034d8bb8810c76d85cd91

    • SHA512

      aa40e474dfc97638f75ff9495b8766e546704d80828ecdfc98ea0d3ac01e3c22a4b131ecb22ccbd75bfe15906c259a3db215bbd0684bca2704eee590a5e17b21

    • Luminosity

      Luminosity (LuminosityLink) is a commercially sold RAT family that was marketed as a system administration utility.

    • Modifies WinLogon for persistence

      Typically an extra executable appended to the Shell or Userinit value under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, so it starts with every interactive logon.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence to avoid executing in certain regions.

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on a suspended child process's main thread is characteristic of process hollowing (RunPE), where the legitimate image is replaced in memory by the payload before the thread is resumed.
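
An added example, not part of the sandbox report or of the sample's code, that turns the persistence and geofence indicators listed above into an offline triage check. It runs over two constructed inputs of the kind a sandbox run exports: a snapshot of registry values after execution and a log of registry reads the sample performed. The Winlogon defaults are those of a clean Windows install; treating HKCU\Control Panel\International\Geo\Nation as the location the country-code lookup reads is an assumption.

```python
"""Offline triage of the Winlogon, Run-key and geofence indicators this report lists.

Example code added to this page; it is not part of the sandbox report or of the
sample. Inputs are constructed: a registry snapshot (key path -> {value: data})
and a list of (key path, value name) registry reads.
"""

# Clean-install defaults for the two Winlogon values malware commonly appends to.
WINLOGON_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
WINLOGON_DEFAULTS = {
    "Shell": ["explorer.exe"],
    "Userinit": [r"c:\windows\system32\userinit.exe"],
}

RUN_KEYS = (
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce",
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce",
)

# Assumption: the "computer location" check reads the Nation value under this key.
GEO_KEY = r"HKCU\Control Panel\International\Geo"

# Directories a legitimate autostart entry rarely lives in (all user-writable).
USER_WRITABLE_DIRS = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")


def split_entries(data):
    """Split a comma-separated Winlogon value into normalised, lower-cased entries."""
    return [e.strip().strip('"').lower() for e in data.split(",") if e.strip()]


def image_path(command):
    """Extract the executable path from a Run-key command line (quoted or bare)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def triage(snapshot, reads):
    """Return a list of (indicator, detail) findings, in a stable order."""
    findings = []

    # Winlogon: anything beyond the clean-install entries is a persistence hook.
    winlogon = snapshot.get(WINLOGON_KEY, {})
    for name, default in WINLOGON_DEFAULTS.items():
        extra = [e for e in split_entries(winlogon.get(name, "")) if e not in default]
        if extra:
            findings.append(("winlogon_persistence", f"{name} gained {extra}"))

    # Run keys: flag autostarts whose image lives in a user-writable directory.
    for key in RUN_KEYS:
        for name, command in snapshot.get(key, {}).items():
            path = image_path(command).lower()
            if any(d in path for d in USER_WRITABLE_DIRS):
                findings.append(("run_key_user_writable", f"{key}\\{name} -> {path}"))

    # Read log: a lookup of the configured country code suggests a geofence.
    for key, value in reads:
        if key.lower() == GEO_KEY.lower() and value.lower() == "nation":
            findings.append(("geofence_lookup", f"read {key}\\{value}"))

    return findings


# Constructed sample data: a Winlogon Shell append, a Run entry under AppData,
# an untouched HKLM Run entry, and a read log containing the Geo\Nation lookup.
SAMPLE_SNAPSHOT = {
    WINLOGON_KEY: {
        "Shell": r"explorer.exe,C:\Users\victim\AppData\Roaming\update.exe",
        "Userinit": r"C:\Windows\system32\userinit.exe,",
    },
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run": {
        "Updater": r'"C:\Users\victim\AppData\Roaming\update.exe" -s',
    },
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run": {
        "SecurityHealth": r"C:\Windows\system32\SecurityHealthSystray.exe",
    },
}
SAMPLE_READS = [
    (r"HKCU\Control Panel\International\Geo", "Nation"),
    (r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion", "ProductName"),
]

if __name__ == "__main__":
    for indicator, detail in triage(SAMPLE_SNAPSHOT, SAMPLE_READS):
        print(f"{indicator:24} {detail}")
```

On the constructed data this reports three findings: the Shell append, the AppData autostart, and the Geo\Nation read; the unmodified Userinit value and the System32 autostart are not flagged. The same comparisons can be run against a live host by feeding it the output of `reg query` for the keys above.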

MITRE ATT&CK Enterprise v6

Tasks