Overview

overview

10

Static

static

3

4cccaa5cfb...18.exe

windows7-x64

10

4cccaa5cfb...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4cccaa5cfb192851d364230d184a0472_JaffaCakes118

  • Size

    1.8MB

  • Sample

    240516-yqk9gsdg94

  • MD5

    4cccaa5cfb192851d364230d184a0472

  • SHA1

    6453801f53aabd336417b5b2d3d9bad1a5df4527

  • SHA256

    8c561bd369af161f42dc9e98346ee039fced680e82666887f6dcd7ffaf84ab75

  • SHA512

    fc01eb8dbceecc31a7ea193ec44417e5648b4efc3d5583d851a6c7e3bb814acac6d82be922cb1e5775429cc07d4c20768a539312539c9bf5f50605ff71c8ad65

  • SSDEEP

    49152:l5+Zvuwcz/f+jGfX8r7xB58y8wBUDutZtpq4gC:Swwcz/mW8h8y8wBUStZtp

Score
10/10
luminositypersistencerat

Malware Config

Targets

    • Target

      4cccaa5cfb192851d364230d184a0472_JaffaCakes118

    • Size

      1.8MB

    • MD5

      4cccaa5cfb192851d364230d184a0472

    • SHA1

      6453801f53aabd336417b5b2d3d9bad1a5df4527

    • SHA256

      8c561bd369af161f42dc9e98346ee039fced680e82666887f6dcd7ffaf84ab75

    • SHA512

      fc01eb8dbceecc31a7ea193ec44417e5648b4efc3d5583d851a6c7e3bb814acac6d82be922cb1e5775429cc07d4c20768a539312539c9bf5f50605ff71c8ad65

    • SSDEEP

      49152:l5+Zvuwcz/f+jGfX8r7xB58y8wBUDutZtpq4gC:Swwcz/mW8h8y8wBUStZtp

    Score
    10/10
    luminositypersistencerat

    • Luminosity

      Luminosity is a RAT family that was on sale, while claiming to be a system administration utility.

      ratluminosity

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks