General

  • Target

    655c5fb5f5600963ef4d2d705b839e62be86ae03dc3e416a1feaa670b85dfaa9

  • Size

    263KB

  • Sample

    221127-p1fmbahb72

  • MD5

    0933760192fb29d692ef0e037229e86d

  • SHA1

    e9a323e9fd86d090e3e942060c7d809d7f0a6eee

  • SHA256

    655c5fb5f5600963ef4d2d705b839e62be86ae03dc3e416a1feaa670b85dfaa9

  • SHA512

    b7c733f0b5c02bfe61420dbb75a1c6cf57353b24c0853e07199cb89e3eebb1743df621779874ca6d1f00250c8a257e8b8b45bf4ee59a9bae5a8e3f7b0c4b52f0

  • SSDEEP

    6144:Wve5lT+gycJHniGIGAigQtXopTPZTwqVOBCvDgi:W0Tu1G9BtXoBZrMBaDgi

Malware Config

Targets

    • Luminosity

      Luminosity is a RAT family that was sold commercially while being marketed as a system administration utility.

    • Modifies WinLogon for persistence

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks