General
-
Target
4cf17e9cb40b51bfc98b414c42fa3692c032b3b19b0564c4a64153a1f6cdb696
-
Size
477KB
-
Sample
221120-cwg85aff4t
-
MD5
4fe45ecf79d7897c852382f5dc547ce0
-
SHA1
f0b4abee37a76b55f0a392690cc28a4ecee33dc8
-
SHA256
4cf17e9cb40b51bfc98b414c42fa3692c032b3b19b0564c4a64153a1f6cdb696
-
SHA512
4ba779a7351ad92d3e29d2bf36dc936c300b88adf46f93aae9ae2528be1af6557680057cdcb142853ee02e7382eb53b02e6b0cb4c7325c4a347f77f410b18f8b
-
SSDEEP
12288:BNvnd35ukmZgSVJgvvFkrxFE74st49Vohr/49P4iK70djb14:Ph5ukm04sVhr/49PrKD
Static task
static1
Behavioral task
behavioral1
Sample
4cf17e9cb40b51bfc98b414c42fa3692c032b3b19b0564c4a64153a1f6cdb696.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
4cf17e9cb40b51bfc98b414c42fa3692c032b3b19b0564c4a64153a1f6cdb696.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
Target
4cf17e9cb40b51bfc98b414c42fa3692c032b3b19b0564c4a64153a1f6cdb696
-
Score
10/10
-
Luminosity
Luminosity is a RAT family that was offered for sale while claiming to be a system administration utility.
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-