General

  • Target

    ab0c7b8675aa676dde1de0c67ebbcac22fec306dc969541289e285b06ac22f42

  • Size

    362KB

  • Sample

    221126-q9qz3scc51

  • MD5

    6e3cf25df78c855156761cea3155462f

  • SHA1

    0e5af76cda2f4a4ffa22486b3a73ca80b36980b8

  • SHA256

    ab0c7b8675aa676dde1de0c67ebbcac22fec306dc969541289e285b06ac22f42

  • SHA512

    85b4b69268a453659c7c28b2def0bc6c7e41bfb672425c6fd3dd9d23e92bbc744b1e388aa80d6a07ee4a315a8d2e300e0482a2a0b131f28605968db3abd66624

  • SSDEEP

    6144:y8LU7dZMuhAwR95/m7RmqJSkGWpYE/bmoSoZhN2i/0Qc2k0L9CZq:RU7diuhP1/oRTS8jmoXBsjh6wZq

Malware Config

Targets

    • Luminosity

      Luminosity is a RAT family that was sold commercially while claiming to be a system administration utility.

    • Modifies WinLogon for persistence

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
