General
-
Target
9974e07dae1586afb8c8cc20099a8bea4581ac98f459f79a1a9f3c3963c02fcc
-
Size
431KB
-
Sample
221106-nascraghe6
-
MD5
2deb3534a31770471cd1f20c6eaa70f0
-
SHA1
b1f507a3b30f4f8ff588ec3c9eee4607e76da950
-
SHA256
9974e07dae1586afb8c8cc20099a8bea4581ac98f459f79a1a9f3c3963c02fcc
-
SHA512
fd126297afa6c3676c01a7069b635b2912f84bafdfc4a72b15902c2ff4b371c96c049a4c1999a72043dd58586ca032c63510bead91d87cdb94ba9c3606c4673d
-
SSDEEP
12288:dhx6uCzDcKIfUEOpPDc7Tlr67EWascC1nbDUF:dhAZIfBoyTlhYQ
Malware Config
Targets
-
-
Target
9974e07dae1586afb8c8cc20099a8bea4581ac98f459f79a1a9f3c3963c02fcc
-
Size
431KB
-
MD5
2deb3534a31770471cd1f20c6eaa70f0
-
SHA1
b1f507a3b30f4f8ff588ec3c9eee4607e76da950
-
SHA256
9974e07dae1586afb8c8cc20099a8bea4581ac98f459f79a1a9f3c3963c02fcc
-
SHA512
fd126297afa6c3676c01a7069b635b2912f84bafdfc4a72b15902c2ff4b371c96c049a4c1999a72043dd58586ca032c63510bead91d87cdb94ba9c3606c4673d
-
SSDEEP
12288:dhx6uCzDcKIfUEOpPDc7Tlr67EWascC1nbDUF:dhAZIfBoyTlhYQ
Score10/10-
Luminosity
Luminosity is a RAT family that was on sale, while claiming to be a system administration utility.
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-