General

  • Target

    2541c264f978c2a42ff31696ee4290a9c1a0e18c6734fda36736692bb514205d

  • Size

    275KB

  • Sample

    221126-2ae93shg33

  • MD5

    6d59d1accc909953d5cd432b00f2e76c

  • SHA1

    eb20fecde052bcb04d125366c17ea70c30f32122

  • SHA256

    2541c264f978c2a42ff31696ee4290a9c1a0e18c6734fda36736692bb514205d

  • SHA512

    50c8ee12a132d9e7803024974e9a73ceb0ef9948f64d922a80d5c8c12b9356100ab72a0d4496d1d9a35c8d70eb28f612a907636608032c03571e8afc53b19add

  • SSDEEP

    6144:q3nDTWuBwEyoqMuOLOMVjHjNEy2/4moMkElP3tAi3lCCRNMxNF+:cnPWNEyoqMuAOMVjDNE/43+AYz

Malware Config

Targets

    • Luminosity

      Luminosity (LuminosityLink) is a remote access trojan family that was sold commercially while being marketed as a system administration utility.

    • Modifies WinLogon for persistence

      Writes to the Winlogon registry key (typically the Userinit or Shell value under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon) so the payload is launched at every logon.

    • Executes dropped EXE

    • Checks computer location settings

      Reads the country code configured in the registry, most likely to geofence execution (refuse to run in certain countries).

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on another process's thread is the usual marker of process hollowing: the main thread of a suspended process is redirected to injected code before the process is resumed.
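The persistence and geofencing behaviours listed above can be checked mechanically in a registry-operation trace. The Python script below is an added example; it is not part of this sandbox report and not code from the Luminosity sample. The registry records it scans are constructed for illustration, the dropped-file path is hypothetical, and the Geo\Nation key it uses for the country-code lookup and the stock Winlogon Userinit/Shell values are assumptions about a standard Windows install rather than facts taken from this report.

```python
"""Scan registry-operation records for the behaviours this report lists:
Winlogon modification, Run-key addition and the registry country-code lookup.
Added example, not part of the sandbox report; the records below are
constructed, not captured from this sample."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class RegOp:
    process: str   # image that performed the operation
    op: str        # "set" (value written) or "query" (value read)
    path: str      # hive\key\valuename
    data: str = "" # data written, only meaningful for "set"


# Assumed defaults of a stock Windows install (lower-cased for comparison);
# any other Userinit/Shell data means something was chained into logon.
WINLOGON_DEFAULTS = {
    "userinit": r"c:\windows\system32\userinit.exe,",
    "shell": "explorer.exe",
}

WINLOGON_RE = re.compile(r"\\winlogon\\(userinit|shell)$")
RUN_KEY_RE = re.compile(r"\\currentversion\\run(once)?\\[^\\]+$")
# Assumed key behind "Checks computer location settings" (country code).
GEO_RE = re.compile(r"\\control panel\\international\\geo\\nation$")


def classify(rec: RegOp) -> Optional[str]:
    """Return a finding tag for one record, or None if it is benign."""
    path = rec.path.lower()
    if rec.op == "set":
        m = WINLOGON_RE.search(path)
        if m:
            # Rewriting Userinit/Shell to the stock value is not persistence.
            if rec.data.strip().lower() != WINLOGON_DEFAULTS[m.group(1)]:
                return "winlogon-persistence"
            return None
        if RUN_KEY_RE.search(path):
            return "run-key-persistence"
    if rec.op == "query" and GEO_RE.search(path):
        return "geo-lookup"
    return None


def triage(records: List[RegOp]) -> List[Tuple[str, str, str, str]]:
    """Collect (tag, process, path, data) for every suspicious record."""
    findings = []
    for rec in records:
        tag = classify(rec)
        if tag is not None:
            findings.append((tag, rec.process, rec.path, rec.data))
    return findings


# Constructed trace: a dropped executable chains itself into Winlogon, adds a
# Run value and reads the country code; two stock-Windows operations are mixed in.
DROPPED = r"C:\Users\user\AppData\Roaming\dropped.exe"  # hypothetical path
SAMPLE_OPS = [
    RegOp(DROPPED, "set",
          r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit",
          r"C:\Windows\system32\userinit.exe," + DROPPED),
    RegOp(r"C:\Windows\explorer.exe", "set",
          r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell",
          "explorer.exe"),
    RegOp(DROPPED, "set",
          r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Update", DROPPED),
    RegOp(DROPPED, "query", r"HKCU\Control Panel\International\Geo\Nation"),
    RegOp(r"C:\Windows\System32\svchost.exe", "query",
          r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell"),
]


if __name__ == "__main__":
    for tag, proc, path, data in triage(SAMPLE_OPS):
        print(f"[{tag}] {proc} -> {path} {data}".rstrip())
```

Run as-is it reports three findings from the constructed trace (the Userinit rewrite, the Run value and the Geo\Nation read) and ignores the two benign operations. To use it on a real trace, build RegOp records from the sandbox's registry log or from Sysmon event ID 13 for the "set" operations; note that Sysmon does not record registry reads, so the geofence lookup is only visible in an API-level trace.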

MITRE ATT&CK Enterprise v6

Tasks