General
-
Target
42c07f1fb6d60e2b206b7085e61b337f1c41bb41608801419fd91ce8b4fb8d90
-
Size
594KB
-
Sample
221127-cgjhmsfe4s
-
MD5
ee5efbffb2b92cd6414f070bdbe9525e
-
SHA1
8c5ede4793a16898d44b47314a68bd5b70e2177c
-
SHA256
42c07f1fb6d60e2b206b7085e61b337f1c41bb41608801419fd91ce8b4fb8d90
-
SHA512
78eeeebd2bd362d65e908595b1c91415e74fbd0087e566f760f038d79c50050d95961fd0da6f5b75aa92468ac64af29b6f53127fe9d10863cfc3556bf0ddce8c
-
SSDEEP
12288:85OiajewcaC3K/al98M2BN3mA/+QnQmuF4PsWhQzRwlpWfuMq7YsyHScppW4Lk2z:85Oiajewc53K/al98M2BN3V/+QnQmuFj
Malware Config
Targets
-
-
Target
42c07f1fb6d60e2b206b7085e61b337f1c41bb41608801419fd91ce8b4fb8d90
-
Size
594KB
-
MD5
ee5efbffb2b92cd6414f070bdbe9525e
-
SHA1
8c5ede4793a16898d44b47314a68bd5b70e2177c
-
SHA256
42c07f1fb6d60e2b206b7085e61b337f1c41bb41608801419fd91ce8b4fb8d90
-
SHA512
78eeeebd2bd362d65e908595b1c91415e74fbd0087e566f760f038d79c50050d95961fd0da6f5b75aa92468ac64af29b6f53127fe9d10863cfc3556bf0ddce8c
-
SSDEEP
12288:85OiajewcaC3K/al98M2BN3mA/+QnQmuF4PsWhQzRwlpWfuMq7YsyHScppW4Lk2z:85Oiajewc53K/al98M2BN3V/+QnQmuFj
Score10/10-
Luminosity
Luminosity is a RAT family that was on sale, while claiming to be a system administration utility.
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-