General
-
Target
12683060f2e173014a172cebbe5f67354a8e2cd8f9a5b1197a1268d9c60fa77c
-
Size
591KB
-
Sample
221126-wmh9lsdb36
-
MD5
12c1fc5af99577e0569bc732dd486d1a
-
SHA1
d9dfdbe862677a76a5864212332e2fc74f30c41a
-
SHA256
12683060f2e173014a172cebbe5f67354a8e2cd8f9a5b1197a1268d9c60fa77c
-
SHA512
1a1e763cc0515b4da6a618d99c3690956419ea3ce6b4410f5ac7c503b9c437ce82b4a4394e2522d4f53f29eeb53850b402460f5a129899f92274d7cdaf54dfee
-
SSDEEP
12288:1IUvw9jCD23JZQOf2ii/+b13iStZgvmwdbPv2xF:aUvYjCa3QOOiMU13iSIdRve
Malware Config
Targets
-
-
Target
12683060f2e173014a172cebbe5f67354a8e2cd8f9a5b1197a1268d9c60fa77c
-
Size
591KB
-
MD5
12c1fc5af99577e0569bc732dd486d1a
-
SHA1
d9dfdbe862677a76a5864212332e2fc74f30c41a
-
SHA256
12683060f2e173014a172cebbe5f67354a8e2cd8f9a5b1197a1268d9c60fa77c
-
SHA512
1a1e763cc0515b4da6a618d99c3690956419ea3ce6b4410f5ac7c503b9c437ce82b4a4394e2522d4f53f29eeb53850b402460f5a129899f92274d7cdaf54dfee
-
SSDEEP
12288:1IUvw9jCD23JZQOf2ii/+b13iStZgvmwdbPv2xF:aUvYjCa3QOOiMU13iSIdRve
Score10/10-
Luminosity
Luminosity is a RAT family that was on sale, while claiming to be a system administration utility.
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-