luminosity | 31816434571f0b2b01960f92770b57ac70cf6a0eb87bf58213877b14bd350296 | Triage

Submit
Reports

Overview

overview

Static

static

3181643457...96.exe

windows7-x64

3181643457...96.exe

windows10-2004-x64

Sharing

General

Target

31816434571f0b2b01960f92770b57ac70cf6a0eb87bf58213877b14bd350296
Size

1.3MB
Sample

221126-2eet4sde4z
MD5

d0b1208b584dc4b730f5ec52902a7540
SHA1

7cbb8bbf7c97537bc3ac91e127b5882fb30e4340
SHA256

31816434571f0b2b01960f92770b57ac70cf6a0eb87bf58213877b14bd350296
SHA512

4de3d73be6770307cc99336054a3edae7ae9356109ceb48440721f6fc7caa77ec7bcbdf6d5cffcffd5f3d96beab7b55ce284fc0869eb09812e1d3d4d124797ca
SSDEEP

24576:rtti5aupx0ivxg7SqnOhieQPl3HEeXji8w4acV6dd:rkaupx0ivg5OUeQt1XW9dd

Score

10^/10

luminosity persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

31816434571f0b2b01960f92770b57ac70cf6a0eb87bf58213877b14bd350296.exe

Resource

win7-20220812-en

luminosity persistence rat

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

31816434571f0b2b01960f92770b57ac70cf6a0eb87bf58213877b14bd350296.exe

Resource

win10v2004-20220812-en

luminosity persistence rat

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  31816434571f0b2b01960f92770b57ac70cf6a0eb87bf58213877b14bd350296
- Size
  
  1.3MB
- MD5
  
  d0b1208b584dc4b730f5ec52902a7540
- SHA1
  
  7cbb8bbf7c97537bc3ac91e127b5882fb30e4340
- SHA256
  
  31816434571f0b2b01960f92770b57ac70cf6a0eb87bf58213877b14bd350296
- SHA512
  
  4de3d73be6770307cc99336054a3edae7ae9356109ceb48440721f6fc7caa77ec7bcbdf6d5cffcffd5f3d96beab7b55ce284fc0869eb09812e1d3d4d124797ca
- SSDEEP
  
  24576:rtti5aupx0ivxg7SqnOhieQPl3HEeXji8w4acV6dd:rkaupx0ivg5OUeQt1XW9dd
Score

10^/10

luminosity persistence rat
- Luminosity
  Luminosity is a RAT family that was on sale, while claiming to be a system administration utility.
  rat luminosity
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

luminositypersistencerat

behavioral2

luminositypersistencerat

© 2018-2024

Terms | Privacy