General

  • Target

    c56e4b72ee5cc4f5a777c877ceb598b0a2305b3992b51ad6004550ad27ac4289

  • Size

    169KB

  • Sample

    221003-b7x82scfgj

  • MD5

    418d0256f14d3f9b015ec27212ce3780

  • SHA1

    8fcc57804cfef696487ed168aeb1aaae979642b4

  • SHA256

    c56e4b72ee5cc4f5a777c877ceb598b0a2305b3992b51ad6004550ad27ac4289

  • SHA512

    dec392c2a931258389f41b8f9d76256ef56a196f86491a6713360442dfa5f66118d8861066738849445e83c22e51944608ea5aaad0ef433bbc97b23ebd6ba97a

  • SSDEEP

    3072:2mpoVuPJRNCcCn2W5Y/8hFJm9SMQ1Fdl1SVExPedn4TZJg8dbSjjyxbkjM9:oP7zE974FdEWwC3xbGM

Targets

    • Target

      c56e4b72ee5cc4f5a777c877ceb598b0a2305b3992b51ad6004550ad27ac4289

    • Luminosity

      Luminosity is a RAT family that was sold commercially while being marketed as a system administration utility.

    • Modifies WinLogon for persistence

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
