General

  • Target

    b0243b6fdfc0c1ad296299bc4424a13cc2c7c9808bf331c07041261d06c9b712

  • Size

    269KB

  • Sample

    221029-qb4taahcfj

  • MD5

    ff3be7a2ec1d2452f08de1feec2deb2f

  • SHA1

    b842e504a0e84e44ae7b876f3543cf6f2dcae6a9

  • SHA256

    b0243b6fdfc0c1ad296299bc4424a13cc2c7c9808bf331c07041261d06c9b712

  • SHA512

    14469a2bd770cb38f29c8db885ce4ddc10b32cbf64fb62787570cd1347d22d6c0bfb589f3524948ab50c556783970666331ce722a72770c8a7b5225cb7117db8

  • SSDEEP

    6144:YltHeS9enNwHqOu5Dx7tZrRbl+pXOV7yKM+mvSFz9jEhHMIVq1rl:AtHeNn2KOiJZrRJ+0V72+19jqsIVq1B

Targets

    • Luminosity

      Luminosity is a RAT family that was sold commercially while being marketed as a system administration utility.

    • Modifies WinLogon for persistence

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory
