General

  • Target

    89e8dbf09685f9de65e186fd7487374b7f081dbbbca86360a9047fb334235c33

  • Size

    636KB

  • Sample

    221126-rntphsac36

  • MD5

    c9ffc3cf9644b18d3b9177f3538d5777

  • SHA1

    4b07b514e46bdc9d1b7a4d141972390db368b5f0

  • SHA256

    89e8dbf09685f9de65e186fd7487374b7f081dbbbca86360a9047fb334235c33

  • SHA512

    8c79fe2a251d2baa6b2d7eb8bbc99ea8112e44e4cabf8083cb3a762b03cc75c635927f2652ea48aaa2f2d57d1b472a612157c897c660f5e5efa6991396031109

  • SSDEEP

    12288:P3N7+8qyRWMzSfXPzwDevratVILPqbP/E:PkRp4Snz7atVpP

Malware Config

Targets

    • Target

      89e8dbf09685f9de65e186fd7487374b7f081dbbbca86360a9047fb334235c33

    • Luminosity

      Luminosity (LuminosityLink) is a RAT family that was sold commercially while being marketed as a system administration utility.

    • Modifies WinLogon for persistence

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check used to avoid running in certain locales.

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

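The persistence signatures above ("Modifies WinLogon for persistence", "Adds Run key to start application") point at the Winlogon Userinit/Shell values and the Run keys. The script below is an added triage example, not part of the sandbox report: it parses a registry export in .reg text form, flags Winlogon values that differ from the Windows defaults, lists Run-key entries, and marks a Run entry whose executable borrows a system binary name (svchost.exe etc.) but lives outside System32, which fits the dropped-EXE behaviour the report lists. The REG_TEXT sample is constructed, not taken from this sample; the default Winlogon values assumed are those of a stock Windows 10/11 install.

```python
"""Added triage example (not code from the sandbox report): flag Winlogon and
Run-key persistence in a .reg export. REG_TEXT is constructed sample data."""
import re

# Constructed sample export: one tampered Winlogon value, two Run entries.
REG_TEXT = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,C:\\Users\\Public\\svchost.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe /background"
"Client"="C:\\Users\\Public\\svchost.exe"
'''

# Assumed stock values on Windows 10/11 (lower-cased for comparison).
# The trailing comma on Userinit is part of the default.
WINLOGON_DEFAULTS = {
    "shell": "explorer.exe",
    "userinit": r"c:\windows\system32\userinit.exe,",
}

# Binary names that malware commonly reuses; legitimate copies live in System32.
SYSTEM_NAMES = {"svchost.exe", "explorer.exe", "csrss.exe", "lsass.exe", "winlogon.exe"}


def parse_reg(text):
    """Return {key_path: {value_name: data}} for REG_SZ values in .reg text.

    Only quoted string values are handled; .reg escapes backslashes as '\\\\'."""
    keys = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        key = re.match(r'^\[(.+)\]$', line)
        if key:
            current = key.group(1)
            keys[current] = {}
            continue
        val = re.match(r'^"([^"]+)"="(.*)"$', line)
        if val and current is not None:
            name, data = val.groups()
            keys[current][name] = data.replace('\\\\', '\\')
    return keys


def exe_path(cmdline):
    """Extract the executable path from a Run-key command line."""
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):
        return cmdline[1:cmdline.find('"', 1)]
    m = re.match(r'(.*?\.exe)', cmdline, re.I)
    return m.group(1) if m else cmdline


def find_persistence(keys):
    """Return a list of (kind, key_path, value_name, data) findings."""
    findings = []
    for path, values in keys.items():
        leaf = path.rsplit('\\', 1)[-1].lower()
        if leaf == "winlogon":
            for name, data in values.items():
                expected = WINLOGON_DEFAULTS.get(name.lower())
                if expected is not None and data.lower() != expected:
                    findings.append(("winlogon_modified", path, name, data))
        elif leaf in ("run", "runonce"):
            for name, data in values.items():
                exe = exe_path(data)
                base = exe.rsplit('\\', 1)[-1].lower()
                masquerade = base in SYSTEM_NAMES and "\\windows\\system32\\" not in exe.lower()
                findings.append(("run_masquerade" if masquerade else "run_key", path, name, data))
    return findings


if __name__ == "__main__":
    for kind, path, name, data in find_persistence(parse_reg(REG_TEXT)):
        print(f"{kind:18} {path}\\{name} = {data}")
```

On a live host, feed it the output of `reg export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" winlogon.reg` and the HKLM/HKCU Run keys; the Userinit comparison is strict on purpose, since any appended path there runs at every interactive logon.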
MITRE ATT&CK Enterprise v6

Tasks