luminosity | f71019c44cdb9c7f429a775d23406b5262f010ea465f75e35660a79f788e90f7 | Triage

Submit
Reports

Overview

overview

Static

static

8

f71019c44c...f7.exe

windows7-x64

f71019c44c...f7.exe

windows10-2004-x64

Sharing

General

Target

f71019c44cdb9c7f429a775d23406b5262f010ea465f75e35660a79f788e90f7
Size

823KB
Sample

221126-24fgyaca25
MD5

12e6771c261c522bc702ab413ce3f7f6
SHA1

19e299d59236739b3f826c5d37723d39aa28489d
SHA256

f71019c44cdb9c7f429a775d23406b5262f010ea465f75e35660a79f788e90f7
SHA512

9ae5ce4484a0cb3d2681aee3ee6a1d22e78858341d182c091c66d7a5128e8f730a1e70660366a27767bdeb5305ee311e85a00865fdc750d8ea844026053f82ab
SSDEEP

12288:y6Wq4aaE6KwyF5L0Y2D1PqLX7okJixkya90M7iNgtsgnEemtGqBgkUhBF/eLzkw:wthEVaPqLbmkR9Bu+sremtngPXFGL1

Score

10^/10

luminosity persistence rat upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

f71019c44cdb9c7f429a775d23406b5262f010ea465f75e35660a79f788e90f7.exe

Resource

win7-20220901-en

luminosity persistence rat upx

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

f71019c44cdb9c7f429a775d23406b5262f010ea465f75e35660a79f788e90f7.exe

Resource

win10v2004-20220812-en

luminosity persistence rat upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  f71019c44cdb9c7f429a775d23406b5262f010ea465f75e35660a79f788e90f7
- Size
  
  823KB
- MD5
  
  12e6771c261c522bc702ab413ce3f7f6
- SHA1
  
  19e299d59236739b3f826c5d37723d39aa28489d
- SHA256
  
  f71019c44cdb9c7f429a775d23406b5262f010ea465f75e35660a79f788e90f7
- SHA512
  
  9ae5ce4484a0cb3d2681aee3ee6a1d22e78858341d182c091c66d7a5128e8f730a1e70660366a27767bdeb5305ee311e85a00865fdc750d8ea844026053f82ab
- SSDEEP
  
  12288:y6Wq4aaE6KwyF5L0Y2D1PqLX7okJixkya90M7iNgtsgnEemtGqBgkUhBF/eLzkw:wthEVaPqLbmkR9Bu+sremtngPXFGL1
Score

10^/10

luminosity persistence rat upx
- Luminosity
  Luminosity is a RAT family that was on sale, while claiming to be a system administration utility.
  rat luminosity
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

luminositypersistenceratupx

behavioral2

luminositypersistenceratupx

© 2018-2024

Terms | Privacy