General

  • Target

    257d954b25d5d45b7ee8fd5bb47ad2e423e39f88a64da75e34e4a482a9728d1d

  • Size

    258KB

  • Sample

    221126-wmbvjagb3z

  • MD5

    220e4be9f75f1a8ed6091702fc0b7fe5

  • SHA1

    4cae4f91647f96474eecd5e186a63e5d8451a11e

  • SHA256

    257d954b25d5d45b7ee8fd5bb47ad2e423e39f88a64da75e34e4a482a9728d1d

  • SHA512

    177bb7ae8e5e61cebdac28917e19afb053b3d77c408c12fe4bb6d91ab1eeef356c495f8da100c541052459b45f4dd32f00bfbd642925b57042e3e1e99c42bd22

  • SSDEEP

    6144:95FgsZZ+c7PQBpWHiyu8Qu+tsrnFr9Ha4S9mhJMJAPMDmp:90s2BwHifXirFJa0hEAUDy

Malware Config

Targets

    • Luminosity

      Luminosity is a RAT family that was sold commercially while being marketed as a system administration utility.

    • Modifies WinLogon for persistence

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks