General
Target: 956b829ffcde9070a7b78fd56d3e08dc3d91a0d73d4aaaca1ef573f5386508c6
Size: 454KB
Sample: 220520-grg5sagbdj
MD5: 29e6d27c57748d5d213aa77d707a2a05
SHA1: 9cf15e6d65557297fe4223fbfd48d3c31ca54734
SHA256: 956b829ffcde9070a7b78fd56d3e08dc3d91a0d73d4aaaca1ef573f5386508c6
SHA512: 80dd38fc5fa39cd79b4e9eb83557608f92ac4a2a8423cf61eb1ec7c3d3bff15ea1217898faeae3e69682a42918974d08938804b11f56a24b95431d215a7fea9d
Static task: static1
Behavioral task: behavioral1
  Sample: 956b829ffcde9070a7b78fd56d3e08dc3d91a0d73d4aaaca1ef573f5386508c6.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 956b829ffcde9070a7b78fd56d3e08dc3d91a0d73d4aaaca1ef573f5386508c6.exe
  Resource: win10v2004-20220414-en
Malware Config
Targets
-
-
Target
956b829ffcde9070a7b78fd56d3e08dc3d91a0d73d4aaaca1ef573f5386508c6
Score: 10/10
Luminosity
Luminosity is a RAT family that was on sale, while claiming to be a system administration utility.
-
Modifies WinLogon for persistence
-
Looks for VirtualBox Guest Additions in registry
-
Executes dropped EXE
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Loads dropped DLL
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-