luminosity | b05b37fd4ded25e37c1c886cd177df80a4e60866567fce74f1c817e2f6d04041 | Triage

Sharing

General

Target

b05b37fd4ded25e37c1c886cd177df80a4e60866567fce74f1c817e2f6d04041
Size

211KB
Sample

221127-cns1nafh4x
MD5

70ac356f7a35095b81db2e5ea24d32e4
SHA1

bb78cd4a1e3ce5f0ae44f48eaf08821f7192affb
SHA256

b05b37fd4ded25e37c1c886cd177df80a4e60866567fce74f1c817e2f6d04041
SHA512

9f78ce67f018a3a37ee74406d8a27ffa15acc163f2ae2124ec4bac9ca78da796fd06ec3f929daa5c71d9334c4e17be93c348fb94f63c6a6919e0fbc2b876a95a
SSDEEP

3072:quzvHHAN35zVDpZSTh1OOMALIrCf2eiV6Lsf81g+BKF23pqgdr97ZRAQ/Odc6jmp:5s5zxG1M0ziV6zFBKF2ZN9tRJp

Score

10^/10

luminosity rat

Malware Config

Targets

- Target
  
  b05b37fd4ded25e37c1c886cd177df80a4e60866567fce74f1c817e2f6d04041
- Size
  
  211KB
- MD5
  
  70ac356f7a35095b81db2e5ea24d32e4
- SHA1
  
  bb78cd4a1e3ce5f0ae44f48eaf08821f7192affb
- SHA256
  
  b05b37fd4ded25e37c1c886cd177df80a4e60866567fce74f1c817e2f6d04041
- SHA512
  
  9f78ce67f018a3a37ee74406d8a27ffa15acc163f2ae2124ec4bac9ca78da796fd06ec3f929daa5c71d9334c4e17be93c348fb94f63c6a6919e0fbc2b876a95a
- SSDEEP
  
  3072:quzvHHAN35zVDpZSTh1OOMALIrCf2eiV6Lsf81g+BKF23pqgdr97ZRAQ/Odc6jmp:5s5zxG1M0ziV6zFBKF2ZN9tRJp
Score

10^/10

luminosity rat
- Luminosity
  Luminosity is a RAT family that was on sale, while claiming to be a system administration utility.
  rat luminosity
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2