General

  • Target

    3eb7945613b579e82e8377fc0097e42fe6bc64047da17683bc9b317c412be9b0

  • Size

    1.4MB

  • Sample

    220701-gdcm5sechq

  • MD5

    5e045da5143cb22634f71ab931e1ee46

  • SHA1

    a3c226344a934a7635757dfed37fc510039cedb0

  • SHA256

    3eb7945613b579e82e8377fc0097e42fe6bc64047da17683bc9b317c412be9b0

  • SHA512

    722771a4a5dca75d5d85e06bfca4054563334ff53bbf36a0ac636b8976eb7b0d8be2068653750f1a8dafa7d893fb250deba6e6daa60a6225b258f3bb0bdd9e80

Targets

    • Luminosity

      Luminosity (LuminosityLink) is a remote access trojan that was sold commercially while being marketed as a legitimate system administration utility.

    • Modifies WinLogon for persistence

      Writes to the Winlogon registry key (typically the Shell or Userinit value) so the payload is launched at every user logon.

    • Executes dropped EXE

    • Checks computer location settings

      Reads the country code configured in the registry (the user's locale settings); this is most likely a geofence so the sample does not run in certain regions.

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

      Setting another thread's context is a common step in process hollowing and other code-injection techniques.
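The persistence signatures listed above (Winlogon tampering, a Run key entry, a file dropped into System32) can be re-checked on a host from Sysmon-style telemetry. The following is an added example, not part of this sandbox report and not the sandbox's own signature code: it runs simple detection rules over a set of constructed registry and file events whose paths and values are illustrative, and the event field names are a simplified assumption rather than Sysmon's exact schema.

```python
"""Detect the persistence behaviours from the report in constructed Sysmon-style events.

Added example: the events, paths and file names below are constructed for
illustration, and the dict layout is a simplified stand-in for Sysmon's
RegistryValueSet (EventID 13) and FileCreate (EventID 11) records.
"""
import re

# Values Windows itself writes to these Winlogon entries; anything else is suspect.
WINLOGON_DEFAULTS = {
    "shell": {"explorer.exe"},
    "userinit": {r"c:\windows\system32\userinit.exe,", r"c:\windows\system32\userinit.exe"},
}
WINLOGON_KEY = re.compile(r"\\microsoft\\windows nt\\currentversion\\winlogon\\(shell|userinit)$")
RUN_KEY = re.compile(r"\\microsoft\\windows\\currentversion\\(run|runonce)\\[^\\]+$")
SYSTEM32_DROP = re.compile(r"^c:\\windows\\system32\\[^\\]+\.(exe|dll)$")


def triage(events):
    """Return (signature_name, detail) tuples for events matching the report's behaviours."""
    findings = []
    for ev in events:
        kind = ev.get("event")
        if kind == "RegistryValueSet":
            target = ev["target"].lower()
            data = ev.get("details", "").strip().lower()
            m = WINLOGON_KEY.search(target)
            if m:
                value_name = m.group(1)
                # Only a non-default Shell/Userinit is a persistence change.
                if data not in WINLOGON_DEFAULTS[value_name]:
                    findings.append(("Modifies WinLogon for persistence",
                                     f"{value_name} -> {ev['details']}"))
                continue
            if RUN_KEY.search(target):
                findings.append(("Adds Run key to start application",
                                 f"{ev['target']} -> {ev['details']}"))
        elif kind == "FileCreate":
            # An unsigned PE written into System32 matches the "drops file" signature.
            if SYSTEM32_DROP.match(ev["target"].lower()) and not ev.get("signed", False):
                findings.append(("Drops file in System32 directory", ev["target"]))
    return findings


# Constructed sample telemetry (illustrative paths, not from the report).
SAMPLE_EVENTS = [
    {"event": "RegistryValueSet",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit",
     "details": r"C:\Windows\system32\userinit.exe,C:\Users\Public\svchost32.exe"},
    {"event": "RegistryValueSet",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell",
     "details": "explorer.exe"},  # default value, should not alert
    {"event": "RegistryValueSet",
     "target": r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WindowsUpdate",
     "details": r"C:\Users\Public\svchost32.exe"},
    {"event": "FileCreate",
     "target": r"C:\Windows\System32\helper.dll",
     "signed": False},
    {"event": "FileCreate",
     "target": r"C:\Users\Public\notes.txt",
     "signed": False},
]

if __name__ == "__main__":
    for signature, detail in triage(SAMPLE_EVENTS):
        print(f"[{signature}] {detail}")
```

Run against the constructed events, the Userinit change, the Run entry and the System32 DLL drop are reported, while the default Shell value and the file outside System32 are ignored; on a real host the same rules would be fed from exported Sysmon events, and the default-value sets would need extending for non-standard Windows installs.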
