General

  • Target

    9b3026aba4a24f1103eeb402b55d42bf7e915cfae48a7141293d8fff97184119

  • Size

    262KB

  • Sample

    221021-wzc85aachk

  • MD5

    703f1774ed636ad75e5897045bcedab0

  • SHA1

    97ad9984b52f8139ca7a3354588eceb7978a6300

  • SHA256

    9b3026aba4a24f1103eeb402b55d42bf7e915cfae48a7141293d8fff97184119

  • SHA512

    fc43ec401257fc9d7f192b97cc0960dd86005a1392e6d0960da2833cf3c0ce0322d54284c12e34d2d11afe8fa5ed75f455ba059a424d5cfa3a68e2fb8354062a

  • SSDEEP

    6144:o+YzmJfY2vscKGmXlVC4ckkRGRUt53nONnx6:o+emJA2LKGmXHRilnOh

Malware Config

Targets

    • Target

      9b3026aba4a24f1103eeb402b55d42bf7e915cfae48a7141293d8fff97184119

    • Size

      262KB

    • MD5

      703f1774ed636ad75e5897045bcedab0

    • SHA1

      97ad9984b52f8139ca7a3354588eceb7978a6300

    • SHA256

      9b3026aba4a24f1103eeb402b55d42bf7e915cfae48a7141293d8fff97184119

    • SHA512

      fc43ec401257fc9d7f192b97cc0960dd86005a1392e6d0960da2833cf3c0ce0322d54284c12e34d2d11afe8fa5ed75f455ba059a424d5cfa3a68e2fb8354062a

    • SSDEEP

      6144:o+YzmJfY2vscKGmXlVC4ckkRGRUt53nONnx6:o+emJA2LKGmXHRilnOh

    • Luminosity

      Luminosity (LuminosityLink) is a RAT family that was sold commercially while being marketed as a system administration utility.

    • Modifies WinLogon for persistence

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
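
The registry-based signatures above (Winlogon modification, Run key addition, country-code lookup) can be re-checked against any behaviour log rather than trusted from the sandbox verdict alone. The following is an added triage example, not code from the report or from the Luminosity sample: it parses a constructed, tab-separated registry-event log (op, key, value name, data; this format is an assumption of the example, not the sandbox's own export) and flags the three signature conditions. The clean Winlogon defaults (Shell = explorer.exe, Userinit = C:\Windows\system32\userinit.exe,) are the stock Windows values; a Userinit write that only restates the default is deliberately included to show it does not fire.

```python
"""Registry-event triage for the persistence signatures in this report.

Added example, not part of the sandbox report or the sample. Input lines are
constructed for the example: "<op>\t<key>\t<value name>\t<data>", op being
'set' or 'query'. Real sandbox exports differ; adapt parse_event() accordingly.
"""
import re
from dataclasses import dataclass

# Stock values of the Winlogon key on a clean install. Anything extra in Shell or
# Userinit is launched at every logon (ATT&CK T1547.004).
WINLOGON_KEY = r"hklm\software\microsoft\windows nt\currentversion\winlogon"
WINLOGON_DEFAULTS = {
    "shell": {"explorer.exe"},
    "userinit": {r"c:\windows\system32\userinit.exe"},
}
# Run / RunOnce under HKLM or HKCU (ATT&CK T1547.001).
RUN_KEY_RE = re.compile(r"\\software\\microsoft\\windows\\currentversion\\run(once)?$")
# HKCU\Control Panel\International\Geo\Nation holds the configured country code.
GEO_KEY_RE = re.compile(r"control panel\\international\\geo$")


@dataclass(frozen=True)
class Event:
    op: str    # 'set' or 'query', lower-cased
    key: str   # normalised key path, lower-cased, short hive names
    name: str  # value name, lower-cased
    data: str  # raw data as logged


def normalize_key(key: str) -> str:
    k = key.strip().lower().rstrip("\\")
    return k.replace("hkey_local_machine", "hklm").replace("hkey_current_user", "hkcu")


def parse_event(line: str) -> Event:
    op, key, name, data = line.rstrip("\n").split("\t", 3)
    return Event(op.strip().lower(), normalize_key(key), name.strip().lower(), data)


def _programs(data: str) -> set:
    # Winlogon Shell/Userinit are comma-separated program lists; compare as a set.
    return {p.strip().lower() for p in data.split(",") if p.strip()}


def classify(ev: Event):
    """Return the report signature an event triggers, or None."""
    if ev.op == "set" and ev.key == WINLOGON_KEY and ev.name in WINLOGON_DEFAULTS:
        if _programs(ev.data) - WINLOGON_DEFAULTS[ev.name]:
            return "Modifies WinLogon for persistence"
    if ev.op == "set" and RUN_KEY_RE.search(ev.key):
        return "Adds Run key to start application"
    if ev.op == "query" and GEO_KEY_RE.search(ev.key) and ev.name == "nation":
        return "Checks computer location settings"
    return None


def scan(log_text: str):
    """Return [(signature, event), ...] for every line that triggers a signature."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        sig = classify(ev)
        if sig:
            findings.append((sig, ev))
    return findings


# Constructed sample log (not captured from the real sample). The fourth line
# writes Userinit back to its stock value and must not be flagged.
SAMPLE_LOG = "\n".join([
    "set\tHKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\tShell\t"
    "explorer.exe, C:\\Users\\victim\\AppData\\Roaming\\svchost.exe",
    "set\tHKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\tWindowsUpdate\t"
    "C:\\Users\\victim\\AppData\\Roaming\\svchost.exe",
    "query\tHKCU\\Control Panel\\International\\Geo\tNation\t244",
    "set\tHKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\tUserinit\t"
    "C:\\Windows\\system32\\userinit.exe,",
    "set\tHKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\tShellState\t0x24",
])


if __name__ == "__main__":
    for sig, ev in scan(SAMPLE_LOG):
        print(f"{sig}: {ev.key}\\{ev.name} = {ev.data}")
```

On a live host the same three checks correspond to reading the Winlogon key, the Run/RunOnce keys under both hives, and the Geo\Nation value; the set-difference against the stock Winlogon values is what keeps a benign "reset to default" write from counting as a hit.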

MITRE ATT&CK Enterprise v6

Tasks