General

  • Target

    4cf17e9cb40b51bfc98b414c42fa3692c032b3b19b0564c4a64153a1f6cdb696

  • Size

    477KB

  • Sample

    221120-cwg85aff4t

  • MD5

    4fe45ecf79d7897c852382f5dc547ce0

  • SHA1

    f0b4abee37a76b55f0a392690cc28a4ecee33dc8

  • SHA256

    4cf17e9cb40b51bfc98b414c42fa3692c032b3b19b0564c4a64153a1f6cdb696

  • SHA512

    4ba779a7351ad92d3e29d2bf36dc936c300b88adf46f93aae9ae2528be1af6557680057cdcb142853ee02e7382eb53b02e6b0cb4c7325c4a347f77f410b18f8b

  • SSDEEP

    12288:BNvnd35ukmZgSVJgvvFkrxFE74st49Vohr/49P4iK70djb14:Ph5ukm04sVhr/49PrKD

Malware Config

Targets

    • Luminosity

      Luminosity is a RAT family that was sold commercially while being marketed as a system administration utility.

    • Modifies WinLogon for persistence

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely for geofencing.

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks