General
-
Target
13555c418c3ba30588aa27a66714f5c091dc1abba859ce7d6d144268833e1731
-
Size
320KB
-
Sample
221126-2ezvaaab48
-
MD5
6c4bdfefea58c80aa75fbd60517771ee
-
SHA1
fc2b61c9d7d2e2a20aaf0efd7a7f6419608d0181
-
SHA256
13555c418c3ba30588aa27a66714f5c091dc1abba859ce7d6d144268833e1731
-
SHA512
4bd68f43060082efb3858794eafb183acd6143184ee54f8c35055c7d7b6fafbbd5a42c7be532a10a317f9b67b0a32d8ccde08dabecdbdad7462012374d0db3e0
-
SSDEEP
6144:EKkdLgjO+EQT1XZqJWi+2NsQuM/L6R1RbKfmhH3TX82ZmhXIWgNkHbSO147qPsP:EKkVgjT5Zv2seuxK+hXT/Zm2CWO14mP+
Static task
static1
Behavioral task
behavioral1
Sample
13555c418c3ba30588aa27a66714f5c091dc1abba859ce7d6d144268833e1731.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
13555c418c3ba30588aa27a66714f5c091dc1abba859ce7d6d144268833e1731.exe
Resource
win10v2004-20220901-en
Malware Config
Targets
-
Target
13555c418c3ba30588aa27a66714f5c091dc1abba859ce7d6d144268833e1731
-
Score
10/10
-
Luminosity
Luminosity is a RAT family that was on sale, while claiming to be a system administration utility.
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-