General
-
Target
ba7493b37a3f341c4af47f07c02f261526fe180247fdd48b3060fccd438ed157
-
Size
598KB
-
Sample
221127-b18q7sed4z
-
MD5
988c93c1604be2107921463122471e5c
-
SHA1
5267b6437962f8360dbfb910498a46cae63b19a9
-
SHA256
ba7493b37a3f341c4af47f07c02f261526fe180247fdd48b3060fccd438ed157
-
SHA512
591d3908d6ea6f6d8c543f0c3b346ff5508803c5c8dc9b3046341e5c35890c80458ce54d88dbb005f7c8f5b7aeff28b60204bca7bfda5fb4dda76120421420eb
-
SSDEEP
12288:yeFSHA02FWBtTsEsfoOYxdY1TQT1t6AIlZu13AL:yAS6WrA9fo38TC1tJ9U
Malware Config
Targets
-
-
Target
ba7493b37a3f341c4af47f07c02f261526fe180247fdd48b3060fccd438ed157
-
Size
598KB
-
MD5
988c93c1604be2107921463122471e5c
-
SHA1
5267b6437962f8360dbfb910498a46cae63b19a9
-
SHA256
ba7493b37a3f341c4af47f07c02f261526fe180247fdd48b3060fccd438ed157
-
SHA512
591d3908d6ea6f6d8c543f0c3b346ff5508803c5c8dc9b3046341e5c35890c80458ce54d88dbb005f7c8f5b7aeff28b60204bca7bfda5fb4dda76120421420eb
-
SSDEEP
12288:yeFSHA02FWBtTsEsfoOYxdY1TQT1t6AIlZu13AL:yAS6WrA9fo38TC1tJ9U
Score10/10-
Luminosity
Luminosity is a RAT family that was on sale, while claiming to be a system administration utility.
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-