General

  • Target

    5afacb39e2b3de26c60c6c4e96cf172dd952e20e7b081dd498a7157d8cb99383

  • Size

    363KB

  • Sample

    221126-zd1zvacf79

  • MD5

    407ad0b8ca4c0d6fdf45497b6e5e91b3

  • SHA1

    b904a4b9b05ff476c14b1c3dd1de55c7cbab0654

  • SHA256

    5afacb39e2b3de26c60c6c4e96cf172dd952e20e7b081dd498a7157d8cb99383

  • SHA512

    32c2f382b19298cf4e6978c44a09a33bb9ee0912d89ebf0138139f1618f3e8640474c78a97f3815dea4f740c177ef809efbf2a6d45e9588958d3fa7a654c9b98

  • SSDEEP

    6144:w8i2UsvYzQGvK28szYvU4n2kJBbnCtfhCyZx+LFus/pT7ivqqqXASDLNVJ6i:G2UsJwKqc4krDCtZxGFusxwqqMLXAi

Malware Config

Targets

    • Luminosity

      Luminosity is a RAT family that was sold commercially while being marketed as a system administration utility.

    • Modifies WinLogon for persistence

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks