General
-
Target
dd7e9f5c55a723beaa98479fadf45f9510f52df64f8ac1dfc0ba0a88ad70506f
-
Size
378KB
-
Sample
221126-2bnmvadc5s
-
MD5
92f56494687232a9cb716798493b3da9
-
SHA1
df8d73ec113f586b74dc87a632bded80f7e62992
-
SHA256
dd7e9f5c55a723beaa98479fadf45f9510f52df64f8ac1dfc0ba0a88ad70506f
-
SHA512
c8beda0e21ad8265b11b872585a1777b2204ea1d625ff069f5183f1b63ded7f7f1a840e941df075450941ca3d8199c0da79c7d85f9e0c54fc37c2bc8db9150a6
-
SSDEEP
3072:Zb9GKpxD1NQKI605ygzHNID2cIX2VHo9MM2zrrzuYZKzII7GtpG1Te5ffKLXqbGR:RxJNq3IGXF2XwB7+ffK77soS7PX0SvX
Static task
static1
Behavioral task
behavioral1
Sample
dd7e9f5c55a723beaa98479fadf45f9510f52df64f8ac1dfc0ba0a88ad70506f.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
dd7e9f5c55a723beaa98479fadf45f9510f52df64f8ac1dfc0ba0a88ad70506f.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
dd7e9f5c55a723beaa98479fadf45f9510f52df64f8ac1dfc0ba0a88ad70506f
-
Score
10/10
-
Luminosity
Luminosity is a RAT family that was sold commercially while claiming to be a system administration utility.
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-