General

  • Target

    2caa904fe2166ae690b64e54b6388b8e617f3af8ef0e09c82ea4ff5421292b0a

  • Size

    674KB

  • Sample

    220614-1zwgxsfbcm

  • MD5

    83177ea87fa257f3b6e27fb04b369f67

  • SHA1

    79bb15633abe7847ef777be757be74a47d35e616

  • SHA256

    2caa904fe2166ae690b64e54b6388b8e617f3af8ef0e09c82ea4ff5421292b0a

  • SHA512

    afbf1431f638cc91f33c7369f642f63354722ecfa4f86e9f18cf205187da0f6067033f05b28e55d3a2b1a7cf55bcce16c92da1d4a1d70df63e3fc5ad689ee528

Targets

    • Luminosity

      Luminosity is a RAT family that was on sale, while claiming to be a system administration utility.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
