General
-
Target
1779898c6b7dc7ec74e4b6274761f1187080d28fb8261d14b4d3aa8663766855
-
Size
1.5MB
-
Sample
221127-gzzpssab2w
-
MD5
5c1e97970f754e08bc9e75494c8b3ab8
-
SHA1
486db3a90c2f5fe73057f341127d17dea3449a02
-
SHA256
1779898c6b7dc7ec74e4b6274761f1187080d28fb8261d14b4d3aa8663766855
-
SHA512
1642094d09b998a21e4ca0908edd5807550fda56236ccc02642aec3f5449f66d14fc27ca93e86d9b4c3b169f1ddefc59dcf0413ee7facabe2e9698020a56ced5
-
SSDEEP
12288:gv01G/osLRUggkgP3cVDmLSGU/vZe7jMHO1vMi/iXyvH:Y/N+gIMJmLSGU/vZe7jMHO1vL/iXyv
Static task
static1
Behavioral task
behavioral1
Sample
1779898c6b7dc7ec74e4b6274761f1187080d28fb8261d14b4d3aa8663766855.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
1779898c6b7dc7ec74e4b6274761f1187080d28fb8261d14b4d3aa8663766855.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
Target
1779898c6b7dc7ec74e4b6274761f1187080d28fb8261d14b4d3aa8663766855
-
Score 10/10
-
Luminosity
Luminosity is a RAT family that was on sale, while claiming to be a system administration utility.
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-