General
-
Target
97bea1889edff67ebf2aa0f0c501531b0c0313c48848ed6e50c4aee983691420
-
Size
274KB
-
Sample
221127-b3yc9aee6y
-
MD5
98c41386d7388c9ef21006de25e62352
-
SHA1
65c5898be57da08f0b933f9808a0b36e058736f4
-
SHA256
97bea1889edff67ebf2aa0f0c501531b0c0313c48848ed6e50c4aee983691420
-
SHA512
6a4ab3517bc02ee10ba7e5f94f717573883414190c2bd49757d66049cdfb7f6f3d84eba720f717d0035d773596019304601c92d4bca909f7e082400ced3bd727
-
SSDEEP
6144:z7M54HWx2BNDsrH1qNB9JcDSWA0uq74HW1JfLgD5l2dSmLIVZ20:z7iQN4AuSbHOxLgb20uIVZ
Malware Config
Targets
-
-
Target
97bea1889edff67ebf2aa0f0c501531b0c0313c48848ed6e50c4aee983691420
-
Size
274KB
-
MD5
98c41386d7388c9ef21006de25e62352
-
SHA1
65c5898be57da08f0b933f9808a0b36e058736f4
-
SHA256
97bea1889edff67ebf2aa0f0c501531b0c0313c48848ed6e50c4aee983691420
-
SHA512
6a4ab3517bc02ee10ba7e5f94f717573883414190c2bd49757d66049cdfb7f6f3d84eba720f717d0035d773596019304601c92d4bca909f7e082400ced3bd727
-
SSDEEP
6144:z7M54HWx2BNDsrH1qNB9JcDSWA0uq74HW1JfLgD5l2dSmLIVZ20:z7iQN4AuSbHOxLgb20uIVZ
Score10/10-
Luminosity
Luminosity is a RAT family that was on sale, while claiming to be a system administration utility.
-
Modifies WinLogon for persistence
-
UAC bypass
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-