luminosity | 2cd259fc69ccb6b7cf50eda751fb1e58b26d12a9c5246ba7a4143cc56e50f9aa | Triage

Sharing

General

Target

2cd259fc69ccb6b7cf50eda751fb1e58b26d12a9c5246ba7a4143cc56e50f9aa
Size

277KB
Sample

221126-2ke23adh8y
MD5

3f422b9ccbe4c778dc5902ecd3748056
SHA1

6eee7c53da6fe8bcb6b50525a6e765746136ef47
SHA256

2cd259fc69ccb6b7cf50eda751fb1e58b26d12a9c5246ba7a4143cc56e50f9aa
SHA512

6d1d9d00328e75b30747d0d958cce11ef492dcfc37f837634a51510511afbcf91ebe04161d6a6a0567bb0fde1c4f5ebd1e771182f4f39cc9b9502312bc37c0b3
SSDEEP

6144:1q6DvRbKLnTJnCxO+lzo6TpDCn/jUt504yJuzoBeoI:1qIvVKLTl+xompDyUtdyJp4oI

Score

10^/10

luminosity persistence rat

Malware Config

Targets

- Target
  
  2cd259fc69ccb6b7cf50eda751fb1e58b26d12a9c5246ba7a4143cc56e50f9aa
- Size
  
  277KB
- MD5
  
  3f422b9ccbe4c778dc5902ecd3748056
- SHA1
  
  6eee7c53da6fe8bcb6b50525a6e765746136ef47
- SHA256
  
  2cd259fc69ccb6b7cf50eda751fb1e58b26d12a9c5246ba7a4143cc56e50f9aa
- SHA512
  
  6d1d9d00328e75b30747d0d958cce11ef492dcfc37f837634a51510511afbcf91ebe04161d6a6a0567bb0fde1c4f5ebd1e771182f4f39cc9b9502312bc37c0b3
- SSDEEP
  
  6144:1q6DvRbKLnTJnCxO+lzo6TpDCn/jUt504yJuzoBeoI:1qIvVKLTl+xompDyUtdyJp4oI
Score

10^/10

luminosity persistence rat
- Luminosity
  Luminosity is a RAT family that was on sale, while claiming to be a system administration utility.
  rat luminosity
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

luminositypersistencerat

behavioral2

luminositypersistencerat