luminosity | db92c8e97ca70c655fab9e12b733eb21bec0a778697570b2153097a486dfca56 | Triage

Sharing

General

Target

477b2fef777fd553b2bfd475a81ca7c4_JaffaCakes118
Size

504KB
Sample

240515-w7a4qsdg2w
MD5

477b2fef777fd553b2bfd475a81ca7c4
SHA1

e4720bd59c2ce20ddbb7a46ddb2f0cf6948e6302
SHA256

db92c8e97ca70c655fab9e12b733eb21bec0a778697570b2153097a486dfca56
SHA512

fdaeb0c519146ceb2709834d7f7ff17a7179c2bae782e0843f337335882efd61773b2ef8b4c588912e6f084a1e869667c121cb8eb8d64e705a07e24c3f7e4468
SSDEEP

12288:7PUaKD0K/7qdlWFFs5ksLLei+wgKUi+ICe3BiLaw:7cakv/7vMOme1K5zw

Score

10^/10

luminosity rat

Malware Config

Targets

- Target
  
  477b2fef777fd553b2bfd475a81ca7c4_JaffaCakes118
- Size
  
  504KB
- MD5
  
  477b2fef777fd553b2bfd475a81ca7c4
- SHA1
  
  e4720bd59c2ce20ddbb7a46ddb2f0cf6948e6302
- SHA256
  
  db92c8e97ca70c655fab9e12b733eb21bec0a778697570b2153097a486dfca56
- SHA512
  
  fdaeb0c519146ceb2709834d7f7ff17a7179c2bae782e0843f337335882efd61773b2ef8b4c588912e6f084a1e869667c121cb8eb8d64e705a07e24c3f7e4468
- SSDEEP
  
  12288:7PUaKD0K/7qdlWFFs5ksLLei+wgKUi+ICe3BiLaw:7cakv/7vMOme1K5zw
Score

10^/10

luminosity rat
- Luminosity
  Luminosity is a RAT family that was on sale, while claiming to be a system administration utility.
  rat luminosity
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scripting

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2