luminosity | 736d3e74969be31c25e54b97d8755f564c331c9f741bfacd0db31242bd199dcb | Triage

Sharing

General

Target

1a2e8337a1f608a6fad4539851794a92_JaffaCakes118
Size

707KB
Sample

240506-b6jn9sga59
MD5

1a2e8337a1f608a6fad4539851794a92
SHA1

c9c61f2c601e81585cd6a4e60391455b4b3c8cc6
SHA256

736d3e74969be31c25e54b97d8755f564c331c9f741bfacd0db31242bd199dcb
SHA512

6ce1bf2eced942eec7f56190f307397f73cb56de3dbafca86b1aee642aa0fca190d16f4bc63681e772354972d9ba8bf21234f3e2403e018e2d33ed4128461d53
SSDEEP

12288:JTZDOyEY1aw+Tg65CTai02bbyqUVlZXwDV3WckLFia5oO:ldOYoWbfCXXwDorZi9O

Score

10^/10

luminosity persistence rat

Malware Config

Targets

- Target
  
  1a2e8337a1f608a6fad4539851794a92_JaffaCakes118
- Size
  
  707KB
- MD5
  
  1a2e8337a1f608a6fad4539851794a92
- SHA1
  
  c9c61f2c601e81585cd6a4e60391455b4b3c8cc6
- SHA256
  
  736d3e74969be31c25e54b97d8755f564c331c9f741bfacd0db31242bd199dcb
- SHA512
  
  6ce1bf2eced942eec7f56190f307397f73cb56de3dbafca86b1aee642aa0fca190d16f4bc63681e772354972d9ba8bf21234f3e2403e018e2d33ed4128461d53
- SSDEEP
  
  12288:JTZDOyEY1aw+Tg65CTai02bbyqUVlZXwDV3WckLFia5oO:ldOYoWbfCXXwDorZi9O
Score

10^/10

persistence luminosity rat
- Luminosity
  Luminosity is a RAT family that was on sale, while claiming to be a system administration utility.
  rat luminosity
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

luminositypersistencerat