General
-
Target
3dcf071645ab0543774575cf43ba0bf2207d2257c190be11609ddd30b3d5e4a9
-
Size
365KB
-
Sample
221127-b8cnqsbd64
-
MD5
257ba86a2263c16001d06f77e346ef86
-
SHA1
1068158a1d06ac36983fb1586680224dc16a57bc
-
SHA256
3dcf071645ab0543774575cf43ba0bf2207d2257c190be11609ddd30b3d5e4a9
-
SHA512
a00c26236b71e61fd2b13710f8a64763b1bdf6199bc8a40ea9fe98a1c8fc8496fb83a5f0e04e029a049eb82dcd2c162ab782d27b9d4f8ad8db730f4f0d97d464
-
SSDEEP
6144:WXV+JnRQtCJmM+mKwYpzyAtmLbR9JWJW+lU3hJ272Ja2P4337MqjrEVGPjk7ngIk:eAROuRvEUla2P4brEyjk7ngYsP
Malware Config
Targets
-
-
Target
3dcf071645ab0543774575cf43ba0bf2207d2257c190be11609ddd30b3d5e4a9
-
Size
365KB
-
MD5
257ba86a2263c16001d06f77e346ef86
-
SHA1
1068158a1d06ac36983fb1586680224dc16a57bc
-
SHA256
3dcf071645ab0543774575cf43ba0bf2207d2257c190be11609ddd30b3d5e4a9
-
SHA512
a00c26236b71e61fd2b13710f8a64763b1bdf6199bc8a40ea9fe98a1c8fc8496fb83a5f0e04e029a049eb82dcd2c162ab782d27b9d4f8ad8db730f4f0d97d464
-
SSDEEP
6144:WXV+JnRQtCJmM+mKwYpzyAtmLbR9JWJW+lU3hJ272Ja2P4337MqjrEVGPjk7ngIk:eAROuRvEUla2P4brEyjk7ngYsP
Score10/10-
Luminosity
Luminosity is a RAT family that was on sale, while claiming to be a system administration utility.
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-