General
-
Target
572ff93818a2afa970dbeb7db6f6468d34a7c661a44e46ed10f3675b52724abc
-
Size
275KB
-
Sample
221126-26xh8scb53
-
MD5
05c146b923f78e9a863f6d90e892327e
-
SHA1
e6cde484242c23ca907f53cabd41c8e4535cad5b
-
SHA256
572ff93818a2afa970dbeb7db6f6468d34a7c661a44e46ed10f3675b52724abc
-
SHA512
afc4fe806ccfa61797f8740e30c3f210df2aa2e1456c227ae302d9db88e612d90c4e53f90e16e6728e5ffb8f0829715e256bc8b7da15db3757c09ab084a3e434
-
SSDEEP
6144:FMwziX9NW/WoGFplVG/m/Ex0KJivNNhp87cgVPQ3NBM0NT705:huNW/7GNF/tvvoXtQ3TM0NTQ
Malware Config
Targets
-
-
Target
572ff93818a2afa970dbeb7db6f6468d34a7c661a44e46ed10f3675b52724abc
-
Size
275KB
-
MD5
05c146b923f78e9a863f6d90e892327e
-
SHA1
e6cde484242c23ca907f53cabd41c8e4535cad5b
-
SHA256
572ff93818a2afa970dbeb7db6f6468d34a7c661a44e46ed10f3675b52724abc
-
SHA512
afc4fe806ccfa61797f8740e30c3f210df2aa2e1456c227ae302d9db88e612d90c4e53f90e16e6728e5ffb8f0829715e256bc8b7da15db3757c09ab084a3e434
-
SSDEEP
6144:FMwziX9NW/WoGFplVG/m/Ex0KJivNNhp87cgVPQ3NBM0NT705:huNW/7GNF/tvvoXtQ3TM0NTQ
Score10/10-
Luminosity
Luminosity is a RAT family that was on sale, while claiming to be a system administration utility.
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-