General

  • Target

    dd7e9f5c55a723beaa98479fadf45f9510f52df64f8ac1dfc0ba0a88ad70506f

  • Size

    378KB

  • Sample

    221126-2bnmvadc5s

  • MD5

    92f56494687232a9cb716798493b3da9

  • SHA1

    df8d73ec113f586b74dc87a632bded80f7e62992

  • SHA256

    dd7e9f5c55a723beaa98479fadf45f9510f52df64f8ac1dfc0ba0a88ad70506f

  • SHA512

    c8beda0e21ad8265b11b872585a1777b2204ea1d625ff069f5183f1b63ded7f7f1a840e941df075450941ca3d8199c0da79c7d85f9e0c54fc37c2bc8db9150a6

  • SSDEEP

    3072:Zb9GKpxD1NQKI605ygzHNID2cIX2VHo9MM2zrrzuYZKzII7GtpG1Te5ffKLXqbGR:RxJNq3IGXF2XwB7+ffK77soS7PX0SvX

Malware Config

Targets

    • Luminosity

      Luminosity is a RAT family that was offered for sale while claiming to be a system administration utility.

    • Modifies WinLogon for persistence

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks