General

  • Target

    6c536f28f0231d093ffddac221345d76bc73f74ee54a0cfb83161ef9bd4fbaad

  • Size

    392KB

  • Sample

    221106-khb4yscah9

  • MD5

    285d1fb99eccf1fe874503ad2335d880

  • SHA1

    556c61cfc54710d6a1ff856b26927723e12850be

  • SHA256

    6c536f28f0231d093ffddac221345d76bc73f74ee54a0cfb83161ef9bd4fbaad

  • SHA512

    afff5f4672ce3bc4c46b0704d61e52ad56d468af453ad594f2748e0d801e80b3b52c20ce044fecefd6d1c0c69b2f2d572f07f10784aa5912655db575eefb2e01

  • SSDEEP

    6144:mIt8huaw9mW5Vz85Qvzknnug+wfUYHLyMK2NGoWcaVgV98BKBpyAyVoeFYl/Zc9:nsazXrIL1v+Mmc1SKBpyS69

Malware Config

Targets

    • Luminosity

      Luminosity is a RAT family that was sold commercially while claiming to be a system administration utility.

    • Modifies WinLogon for persistence

    • Executes dropped EXE

    • Sets file to hidden

      Modifies file attributes so the file is not shown in Explorer and similar tools.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
