luminosity | 804a74007782f858db9f08ec1797aa92429c1ae2f2496045854db975777ffe89 | Triage

Sharing

General

Target

804a74007782f858db9f08ec1797aa92429c1ae2f2496045854db975777ffe89
Size

196KB
Sample

221127-ca533abe96
MD5

4e3b4a58556b73a525ac4ad4a667fc5f
SHA1

8647ce41e973ec67d068c14921d80942a55f8bb4
SHA256

804a74007782f858db9f08ec1797aa92429c1ae2f2496045854db975777ffe89
SHA512

f85285858789a1e30b2afad625dfede84853c6154108b83a6a53cc7b88c5d6996ba2eb0dd38298fdd312f5ff280f3ea9aa523ba8a51ab83cff9efb8b20dcb6c7
SSDEEP

6144:1L5Bx3DhHc6peTzhKeLTHav3bjUl2yzac:1VBx3tHc6khK4EPe2yV

Score

10^/10

luminosity persistence rat

Malware Config

Targets

- Target
  
  804a74007782f858db9f08ec1797aa92429c1ae2f2496045854db975777ffe89
- Size
  
  196KB
- MD5
  
  4e3b4a58556b73a525ac4ad4a667fc5f
- SHA1
  
  8647ce41e973ec67d068c14921d80942a55f8bb4
- SHA256
  
  804a74007782f858db9f08ec1797aa92429c1ae2f2496045854db975777ffe89
- SHA512
  
  f85285858789a1e30b2afad625dfede84853c6154108b83a6a53cc7b88c5d6996ba2eb0dd38298fdd312f5ff280f3ea9aa523ba8a51ab83cff9efb8b20dcb6c7
- SSDEEP
  
  6144:1L5Bx3DhHc6peTzhKeLTHav3bjUl2yzac:1VBx3tHc6khK4EPe2yV
Score

10^/10

luminosity persistence rat
- Luminosity
  Luminosity is a RAT family that was on sale, while claiming to be a system administration utility.
  rat luminosity
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

luminositypersistencerat

behavioral2

luminositypersistencerat