luminosity | 137028805716af9899e2052184800cf04663821b636c99dc7e2f5b597133ddf2 | Triage

Sharing

General

Target

137028805716af9899e2052184800cf04663821b636c99dc7e2f5b597133ddf2
Size

222KB
Sample

221029-b6bcwsgcar
MD5

0c4a1cf69322ae92ec30940d0bd71310
SHA1

79f429078d912e42fbd0cd98e62ffdcee5618a28
SHA256

137028805716af9899e2052184800cf04663821b636c99dc7e2f5b597133ddf2
SHA512

500ee0d98a2136870dc3d9c527d57233ced08e7a39f3b969dbba12ee7cc0c2dc6cebde0c9b4404032660e8a5dde48dccb18facdb8d942d7be753b123c18f2328
SSDEEP

3072:8U4f+fkjZt7fF0L2vMCDiu0Y8RxwLRMcR9aBeWvfxLWDwceWJ2NJucbPvJ1nlYZC:81i+f3uBmLbR9JWJW5JYJuEvPr

Score

10^/10

luminosity persistence rat

Malware Config

Targets

- Target
  
  137028805716af9899e2052184800cf04663821b636c99dc7e2f5b597133ddf2
- Size
  
  222KB
- MD5
  
  0c4a1cf69322ae92ec30940d0bd71310
- SHA1
  
  79f429078d912e42fbd0cd98e62ffdcee5618a28
- SHA256
  
  137028805716af9899e2052184800cf04663821b636c99dc7e2f5b597133ddf2
- SHA512
  
  500ee0d98a2136870dc3d9c527d57233ced08e7a39f3b969dbba12ee7cc0c2dc6cebde0c9b4404032660e8a5dde48dccb18facdb8d942d7be753b123c18f2328
- SSDEEP
  
  3072:8U4f+fkjZt7fF0L2vMCDiu0Y8RxwLRMcR9aBeWvfxLWDwceWJ2NJucbPvJ1nlYZC:81i+f3uBmLbR9JWJW5JYJuEvPr
Score

10^/10

luminosity persistence rat
- Luminosity
  Luminosity is a RAT family that was on sale, while claiming to be a system administration utility.
  rat luminosity
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

luminositypersistencerat

behavioral2