General
-
Target
f00480b1d8e9b860b77fc5fb64c5ecc3cde8ae3bfe8aa9bbdabe57da5633bc11
-
Size
349KB
-
Sample
221127-wz9x4ahc38
-
MD5
60eec175da96472e274f381336f2e953
-
SHA1
3bf49fe29e8a17070594ab1df37d36c7d605576a
-
SHA256
f00480b1d8e9b860b77fc5fb64c5ecc3cde8ae3bfe8aa9bbdabe57da5633bc11
-
SHA512
3715091d4beb2e3903f4f5e2a37366d0c0d55e88d2aba78f4000d348fc31ef7936a9092fb716e8af10bcd9932b940e931a667f6cf8244ac7bfe9d8e34e519549
-
SSDEEP
6144:/v+2p5fGOmQ2lBZnUnoJHwGYb3XFNCSbLnTZYJFpiNX85pRpp99k9T9s9s9:H+2p5pmQg5U6HCB5bzOFwd2pRpp99k9l
Malware Config
Targets
-
-
Target
f00480b1d8e9b860b77fc5fb64c5ecc3cde8ae3bfe8aa9bbdabe57da5633bc11
-
Size
349KB
-
MD5
60eec175da96472e274f381336f2e953
-
SHA1
3bf49fe29e8a17070594ab1df37d36c7d605576a
-
SHA256
f00480b1d8e9b860b77fc5fb64c5ecc3cde8ae3bfe8aa9bbdabe57da5633bc11
-
SHA512
3715091d4beb2e3903f4f5e2a37366d0c0d55e88d2aba78f4000d348fc31ef7936a9092fb716e8af10bcd9932b940e931a667f6cf8244ac7bfe9d8e34e519549
-
SSDEEP
6144:/v+2p5fGOmQ2lBZnUnoJHwGYb3XFNCSbLnTZYJFpiNX85pRpp99k9T9s9s9:H+2p5pmQg5U6HCB5bzOFwd2pRpp99k9l
Score10/10-
Luminosity
Luminosity is a RAT family that was on sale, while claiming to be a system administration utility.
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-