luminosity | 6d54603de1c5e1deaea0f02f0fdc7e9c6199170e5d056499fd5fe37746de13ea | Triage

Sharing

General

Target

6d54603de1c5e1deaea0f02f0fdc7e9c6199170e5d056499fd5fe37746de13ea
Size

365KB
Sample

221127-cmc8tacc42
MD5

d31534e5cad8165303712679ec3c6fd2
SHA1

4fbf5a16f467108beff8d906d0df1d441bd0168f
SHA256

6d54603de1c5e1deaea0f02f0fdc7e9c6199170e5d056499fd5fe37746de13ea
SHA512

894d22ca37856713c01c5a1b5287ee8a85b46bd1f8f813c8def7dee4eb1b06f7963ce15e90906c6062f6c8c20a1e293177b6efe30efc9d15d942af8276d35465
SSDEEP

6144:WXV+JnRQtCJmM+mKwYpzyAtmLbR9JWJWnlU3hJ272Ja2P4337MqjrEVGPjk7ngIk:eAROuRvEhla2P4brEyjk7ngYsP

Score

10^/10

luminosity persistence rat

Malware Config

Targets

- Target
  
  6d54603de1c5e1deaea0f02f0fdc7e9c6199170e5d056499fd5fe37746de13ea
- Size
  
  365KB
- MD5
  
  d31534e5cad8165303712679ec3c6fd2
- SHA1
  
  4fbf5a16f467108beff8d906d0df1d441bd0168f
- SHA256
  
  6d54603de1c5e1deaea0f02f0fdc7e9c6199170e5d056499fd5fe37746de13ea
- SHA512
  
  894d22ca37856713c01c5a1b5287ee8a85b46bd1f8f813c8def7dee4eb1b06f7963ce15e90906c6062f6c8c20a1e293177b6efe30efc9d15d942af8276d35465
- SSDEEP
  
  6144:WXV+JnRQtCJmM+mKwYpzyAtmLbR9JWJWnlU3hJ272Ja2P4337MqjrEVGPjk7ngIk:eAROuRvEhla2P4brEyjk7ngYsP
Score

10^/10

luminosity persistence rat
- Luminosity
  Luminosity is a RAT family that was on sale, while claiming to be a system administration utility.
  rat luminosity
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

luminositypersistencerat

behavioral2