General

  • Target

    189c62dc575e463968cae907673b30170b261ab707c804d244c8b79e1f4be8ec

  • Size

    402KB

  • Sample

    221029-qrnr1ahhhn

  • MD5

    da12d3c00497b8527b7943e3579e52d9

  • SHA1

    9f7489fc7b6171eadc37cf813bd81c6482e101f0

  • SHA256

    189c62dc575e463968cae907673b30170b261ab707c804d244c8b79e1f4be8ec

  • SHA512

    7648a29785771f1c5551968e6f09c0b636ec60022efdafd5689c37791cf28ad801b9f0f064f2973c93b5be4b8d2cabbd8d2691e939d225f2456fb3861b8e071e

  • SSDEEP

    6144:8C0O/wK2CBCy0PlwYsmF/rM2SckT/06DCd:OjKeyPQF/rMJT/0

Malware Config

Targets

    • Target

      189c62dc575e463968cae907673b30170b261ab707c804d244c8b79e1f4be8ec

    • Size

      402KB

    • MD5

      da12d3c00497b8527b7943e3579e52d9

    • SHA1

      9f7489fc7b6171eadc37cf813bd81c6482e101f0

    • SHA256

      189c62dc575e463968cae907673b30170b261ab707c804d244c8b79e1f4be8ec

    • SHA512

      7648a29785771f1c5551968e6f09c0b636ec60022efdafd5689c37791cf28ad801b9f0f064f2973c93b5be4b8d2cabbd8d2691e939d225f2456fb3861b8e071e

    • SSDEEP

      6144:8C0O/wK2CBCy0PlwYsmF/rM2SckT/06DCd:OjKeyPQF/rMJT/0

    • Luminosity

      Luminosity is a RAT family that was sold commercially while being marketed as a system administration utility.

    • Modifies WinLogon for persistence

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks