General
-
Target
ca3e806d6d5d39b9d7eb79faaae309c5a2c129719c161fa0e0a99fd6e04a26eb
-
Size
1.3MB
-
Sample
221020-zqvnlaebdk
-
MD5
80af64b3c090e36be9a8844c51d1c460
-
SHA1
0c6fbc16668df5773f4d8ea8ae5cd84538d561d5
-
SHA256
ca3e806d6d5d39b9d7eb79faaae309c5a2c129719c161fa0e0a99fd6e04a26eb
-
SHA512
f3bc54bbbf7b843e3eacce5520d643c8584415f01bc5bdcd02a3b5aaf977e70e3755673feabbd1a8d68c1e396ba0e9e22d9957657f9cd3065e7102f9cca27bea
-
SSDEEP
24576:ftb20pkaCqT5TBWgNQ7aPA5Hp3njAceNBjsytM1+VAfQpx6A:cVg5tQ7aPCHp3E5YgqK5
Static task
static1
Behavioral task
behavioral1
Sample
ca3e806d6d5d39b9d7eb79faaae309c5a2c129719c161fa0e0a99fd6e04a26eb.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
ca3e806d6d5d39b9d7eb79faaae309c5a2c129719c161fa0e0a99fd6e04a26eb.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
Target
ca3e806d6d5d39b9d7eb79faaae309c5a2c129719c161fa0e0a99fd6e04a26eb
Score
10/10
-
Luminosity
Luminosity is a RAT family that was on sale, while claiming to be a system administration utility.
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-