General

  • Target

    7da9245a700f6545d3ecf786f990fff2396fed1cc5f73621f2b63599ca145081

  • Size

    403KB

  • Sample

    221127-vqv7xadg97

  • MD5

    12fab52166ca74beb58288c2beda1e86

  • SHA1

    a84deca4453e5bd58b1cb23978d3f05a6d50fbdc

  • SHA256

    7da9245a700f6545d3ecf786f990fff2396fed1cc5f73621f2b63599ca145081

  • SHA512

    f4fb20486267185fafd6f5645b57b6997b4d19d6c5db41c957d2d419d1884d3b40137307d16c62ce24103434419441216feeb81fee722c65b418f27f7bf489ad

  • SSDEEP

    6144:pXHB+V+i2eEGsklGFixqA/A3KEJMBpnjB85+vWeUOvsDpOX5aGBDic6:1miGXbx3/SMISOiB+7

Targets

    • Luminosity

      Luminosity is a RAT family that was offered for sale while claiming to be a system administration utility.

    • Modifies WinLogon for persistence

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
