luminosity | 141ed19ec18802d3fc24038503e8c361a2653ae79935e3d7cda14172dbc43be9 | Triage

Sharing

General

Target

141ed19ec18802d3fc24038503e8c361a2653ae79935e3d7cda14172dbc43be9
Size

504KB
Sample

221126-yw32gsee4z
MD5

442e1935e53619952a33090b4ba5aacd
SHA1

f98168d3740aa39572457fdb18646167bc713030
SHA256

141ed19ec18802d3fc24038503e8c361a2653ae79935e3d7cda14172dbc43be9
SHA512

674f40dc2adb1a25d498c88a809fffcbd448119140d910a15fa535b97d8847a99942598b5f4a8622e4041abb4191e71fe7fba70f1966839a114b96d9722bfe36
SSDEEP

12288:H9cXDP90RVcaVWjUhQuczopZCPgcLMGOe:HGXDP9WVHxpZggIMU

Score

10^/10

luminosity persistence rat

Malware Config

Targets

- Target
  
  141ed19ec18802d3fc24038503e8c361a2653ae79935e3d7cda14172dbc43be9
- Size
  
  504KB
- MD5
  
  442e1935e53619952a33090b4ba5aacd
- SHA1
  
  f98168d3740aa39572457fdb18646167bc713030
- SHA256
  
  141ed19ec18802d3fc24038503e8c361a2653ae79935e3d7cda14172dbc43be9
- SHA512
  
  674f40dc2adb1a25d498c88a809fffcbd448119140d910a15fa535b97d8847a99942598b5f4a8622e4041abb4191e71fe7fba70f1966839a114b96d9722bfe36
- SSDEEP
  
  12288:H9cXDP90RVcaVWjUhQuczopZCPgcLMGOe:HGXDP9WVHxpZggIMU
Score

10^/10

persistence luminosity rat
- Luminosity
  Luminosity is a RAT family that was on sale, while claiming to be a system administration utility.
  rat luminosity
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

luminositypersistencerat