General

  • Target

    497d69084c82c0578576fb2d90c1cac706325f3a9da8626aebdc69b3c9340035

  • Size

    267KB

  • Sample

    221126-srtz5age3x

  • MD5

    73189127106a82789164e3e2b83d4ce5

  • SHA1

    221e08a774a46b84e36fa55aa0a82f10af813765

  • SHA256

    497d69084c82c0578576fb2d90c1cac706325f3a9da8626aebdc69b3c9340035

  • SHA512

    df9a1ca3ded719b59c5c74021635f02aeef9c0b1cb258e275f651eff63d59767ce38f3b45747767a0a1a961fac3b406d101ea4cc0e1c0d6599ce76305db94dba

  • SSDEEP

    6144:5v+2p5fGOmQ2lBZnUnoJHwGYbf6JvMumZnRFgsWct8lXp:J+2p5pmQg5U6HCSdmZR2otk5

Malware Config

Targets

    • Target

      497d69084c82c0578576fb2d90c1cac706325f3a9da8626aebdc69b3c9340035

    • Size

      267KB

    • MD5

      73189127106a82789164e3e2b83d4ce5

    • SHA1

      221e08a774a46b84e36fa55aa0a82f10af813765

    • SHA256

      497d69084c82c0578576fb2d90c1cac706325f3a9da8626aebdc69b3c9340035

    • SHA512

      df9a1ca3ded719b59c5c74021635f02aeef9c0b1cb258e275f651eff63d59767ce38f3b45747767a0a1a961fac3b406d101ea4cc0e1c0d6599ce76305db94dba

    • SSDEEP

      6144:5v+2p5fGOmQ2lBZnUnoJHwGYbf6JvMumZnRFgsWct8lXp:J+2p5pmQg5U6HCSdmZR2otk5

    • Luminosity

      Luminosity is a RAT family that was sold commercially while being marketed as a system administration utility.

    • Modifies WinLogon for persistence

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks