luminosity | d8bc76c5ffa22a71f54e28d3ad2bce6979af7572f80489a1501b1d5564b1b7f9 | Triage

Sharing

General

Target

315f8b3713cf9f60b41303e642d8c69d_JaffaCakes118
Size

711KB
Sample

240510-2hfktadf3t
MD5

315f8b3713cf9f60b41303e642d8c69d
SHA1

969b4d319121f800c83db9f787cf10ca136d0849
SHA256

d8bc76c5ffa22a71f54e28d3ad2bce6979af7572f80489a1501b1d5564b1b7f9
SHA512

45bb2f86fa05d22cba101a59b490277403b88b3ec5a8c2ac82c0751e8285acc6e9f21ee01732f33ceb0b1f6f5be35febae8c256b575eb0d96a114be2724f65c1
SSDEEP

12288:DLBK0k0UDo/5WPOOkFYntDbclWaXyf0kWas70z48bpz8f8GQGRvEWMAPiB:DLgUG852OOCYnnaXyqNIU8byQEMW/qB

Score

10^/10

luminosity persistence rat

Malware Config

Targets

- Target
  
  315f8b3713cf9f60b41303e642d8c69d_JaffaCakes118
- Size
  
  711KB
- MD5
  
  315f8b3713cf9f60b41303e642d8c69d
- SHA1
  
  969b4d319121f800c83db9f787cf10ca136d0849
- SHA256
  
  d8bc76c5ffa22a71f54e28d3ad2bce6979af7572f80489a1501b1d5564b1b7f9
- SHA512
  
  45bb2f86fa05d22cba101a59b490277403b88b3ec5a8c2ac82c0751e8285acc6e9f21ee01732f33ceb0b1f6f5be35febae8c256b575eb0d96a114be2724f65c1
- SSDEEP
  
  12288:DLBK0k0UDo/5WPOOkFYntDbclWaXyf0kWas70z48bpz8f8GQGRvEWMAPiB:DLgUG852OOCYnnaXyqNIU8byQEMW/qB
Score

10^/10

persistence luminosity rat
- Luminosity
  Luminosity is a RAT family that was on sale, while claiming to be a system administration utility.
  rat luminosity
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

luminositypersistencerat