General

  • Target

    c818d9d86c869925d4ff82e2d17ac77300befcd1fe308191af7f10b246e37a6b

  • Size

    747KB

  • Sample

    221126-wfdesafe9x

  • MD5

    1c37fcc88038b6b8fc85accd0ebc8343

  • SHA1

    101b3727f1145d9b4483540b00d48b6cf9a03943

  • SHA256

    c818d9d86c869925d4ff82e2d17ac77300befcd1fe308191af7f10b246e37a6b

  • SHA512

    84905fcaeda25bac0fea20b4270f6d8724889b8a4e2567b8f64caad4cc82d6560812cd9ebcbcf3478910c97e857254b444d34755c519681c9d4161c969b2d939

  • SSDEEP

    12288:B8uHgGWdpwVNZ373QQi2p9CwhiifzhHj2gROW65Ruy6NejRPfD54pw:XWnw+R6CwPbhFRx65RuNejBftP

Targets

    • Luminosity

      Luminosity (LuminosityLink) is a RAT family that was sold commercially while being marketed as a legitimate system administration utility.

    • Modifies WinLogon for persistence

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check to avoid running in certain regions.

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
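
The two persistence signatures above ("Modifies WinLogon for persistence" and "Adds Run key to start application") are the ones an analyst would check first on a host suspected of running this sample. The following is an added triage helper, not code from the sandbox report or from the Luminosity family: it classifies Winlogon `Shell`/`Userinit` values and Run-key entries, and can read the live keys on a Windows host via `winreg`. The stock Winlogon values, the user-writable path markers and all sample registry values are assumptions constructed for the example, not data from this report.

```python
"""Triage helper for Winlogon and Run-key persistence (added example)."""
import sys
from typing import Dict, List, Tuple

Finding = Tuple[str, str, str]  # (registry location, value name, reason)

WINLOGON_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
RUN_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

# Stock Winlogon values on a default Windows install (assumption: confirm
# against a known-good image from your own estate before relying on them).
DEFAULT_SHELL = "explorer.exe"
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"

# Directory markers an unprivileged user can write under; an autostart command
# living there is worth a look (heuristic, not proof of malice).
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")


def _normalize_path(p: str) -> str:
    """Lowercase, unquote and expand %SystemRoot% (assumed to be C:\\Windows)."""
    p = p.strip().strip('"').lower()
    return p.replace("%systemroot%", r"c:\windows")


def _exe_path(command: str) -> str:
    """Return the executable part of a Run-key command line, unquoted and lowercased."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end].lower() if end > 0 else command[1:].lower()
    return command.split()[0].lower() if command else ""


def assess_winlogon(values: Dict[str, str]) -> List[Finding]:
    """Flag Shell/Userinit values that differ from the stock ones.

    Userinit is a comma-separated list and Windows runs every entry at logon,
    which is why appending a second path is a classic persistence trick.
    """
    findings: List[Finding] = []
    shell = _normalize_path(values.get("Shell", DEFAULT_SHELL))
    if shell != DEFAULT_SHELL:
        findings.append((WINLOGON_KEY, "Shell", f"non-default shell: {values['Shell']!r}"))
    raw = values.get("Userinit", DEFAULT_USERINIT + ",")
    entries = [_normalize_path(e) for e in raw.split(",") if e.strip()]
    if entries[:1] != [DEFAULT_USERINIT]:
        findings.append((WINLOGON_KEY, "Userinit", f"first entry is not userinit.exe: {raw!r}"))
    for extra in entries[1:]:
        findings.append((WINLOGON_KEY, "Userinit", f"extra entry executed at logon: {extra!r}"))
    return findings


def assess_run_keys(entries: Dict[str, str], hive: str = "HKCU") -> List[Finding]:
    """Flag Run-key entries whose executable sits in a user-writable directory."""
    findings: List[Finding] = []
    location = f"{hive}\\{RUN_KEY}"
    for name, command in entries.items():
        exe = _exe_path(command)
        if any(marker in exe for marker in USER_WRITABLE_MARKERS):
            findings.append((location, name, f"autostart from user-writable path: {exe!r}"))
    return findings


def collect_live() -> List[Finding]:
    """Read the real keys on a Windows host (winreg only exists there)."""
    if sys.platform != "win32":
        raise RuntimeError("live collection needs a Windows host")
    import winreg  # imported lazily so the classification logic runs anywhere

    def read_values(hive, key):
        out = {}
        try:
            with winreg.OpenKey(hive, key) as k:
                i = 0
                while True:
                    try:
                        name, data, _ = winreg.EnumValue(k, i)
                    except OSError:  # no more values
                        break
                    if isinstance(data, str):
                        out[name] = data
                    i += 1
        except OSError:  # key absent or not readable
            pass
        return out

    findings = assess_winlogon(read_values(winreg.HKEY_LOCAL_MACHINE, WINLOGON_KEY))
    findings += assess_run_keys(read_values(winreg.HKEY_LOCAL_MACHINE, RUN_KEY), "HKLM")
    findings += assess_run_keys(read_values(winreg.HKEY_CURRENT_USER, RUN_KEY), "HKCU")
    return findings


# Constructed sample values (not from the report), shaped like what the two
# signatures describe: a second Userinit entry and a Run key into a user path.
SAMPLE_WINLOGON = {
    "Shell": "explorer.exe",
    "Userinit": r"C:\Windows\system32\userinit.exe,C:\Users\Public\updater.exe",
}
SAMPLE_RUN = {
    "OneDrive": r'"C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background',
    "WinUpdate": r'"C:\Users\bob\AppData\Roaming\svchost.exe"',
}

if __name__ == "__main__":
    results = collect_live() if sys.platform == "win32" else (
        assess_winlogon(SAMPLE_WINLOGON) + assess_run_keys(SAMPLE_RUN))
    for location, name, reason in results:
        print(f"{location}\\{name}: {reason}")
```

On a non-Windows analysis box the script runs over the constructed sample values and reports the appended `Userinit` entry and the AppData-based Run entry; on a live Windows host it reads the real keys. Treat the Run-key heuristic as a prompt for manual review rather than a verdict, and compare Winlogon values against a known-good image from the same Windows build.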

MITRE ATT&CK Enterprise v6
