luminosity | 574dcacbe3546bc60dd43e45e54a4f056f359438b850192ea12dea000ca606ce | Triage

Sharing

General

Target

574dcacbe3546bc60dd43e45e54a4f056f359438b850192ea12dea000ca606ce
Size

274KB
Sample

221127-cqb5xscd95
MD5

9cea5efa60feab40e4bb6504842f0111
SHA1

d47760452df755c3ded8a5ca42ad4746929cb089
SHA256

574dcacbe3546bc60dd43e45e54a4f056f359438b850192ea12dea000ca606ce
SHA512

c5f37b789e168a094d480407767fb27d366ef04792e88f17dfbcb36cdcbaa7ed969bec1cf1097e52e07ae8617230f5cf63a06c7e7bb291a86e7a717a8a965a14
SSDEEP

6144:7SI9KYR4muAfmuD0ObT91brv8XwIvywqaB1cEBDkN:7SDi4muYmuDZNv0vZB1c/

Score

10^/10

luminosity persistence rat

Malware Config

Targets

- Target
  
  574dcacbe3546bc60dd43e45e54a4f056f359438b850192ea12dea000ca606ce
- Size
  
  274KB
- MD5
  
  9cea5efa60feab40e4bb6504842f0111
- SHA1
  
  d47760452df755c3ded8a5ca42ad4746929cb089
- SHA256
  
  574dcacbe3546bc60dd43e45e54a4f056f359438b850192ea12dea000ca606ce
- SHA512
  
  c5f37b789e168a094d480407767fb27d366ef04792e88f17dfbcb36cdcbaa7ed969bec1cf1097e52e07ae8617230f5cf63a06c7e7bb291a86e7a717a8a965a14
- SSDEEP
  
  6144:7SI9KYR4muAfmuD0ObT91brv8XwIvywqaB1cEBDkN:7SDi4muYmuDZNv0vZB1c/
Score

10^/10

luminosity persistence rat
- Luminosity
  Luminosity is a RAT family that was on sale, while claiming to be a system administration utility.
  rat luminosity
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

luminositypersistencerat

behavioral2