General
-
Target
4cccaa5cfb192851d364230d184a0472_JaffaCakes118
-
Size
1.8MB
-
Sample
240516-yqk9gsdg94
-
MD5
4cccaa5cfb192851d364230d184a0472
-
SHA1
6453801f53aabd336417b5b2d3d9bad1a5df4527
-
SHA256
8c561bd369af161f42dc9e98346ee039fced680e82666887f6dcd7ffaf84ab75
-
SHA512
fc01eb8dbceecc31a7ea193ec44417e5648b4efc3d5583d851a6c7e3bb814acac6d82be922cb1e5775429cc07d4c20768a539312539c9bf5f50605ff71c8ad65
-
SSDEEP
49152:l5+Zvuwcz/f+jGfX8r7xB58y8wBUDutZtpq4gC:Swwcz/mW8h8y8wBUStZtp
Malware Config
Targets
-
-
Target
4cccaa5cfb192851d364230d184a0472_JaffaCakes118
-
Size
1.8MB
-
MD5
4cccaa5cfb192851d364230d184a0472
-
SHA1
6453801f53aabd336417b5b2d3d9bad1a5df4527
-
SHA256
8c561bd369af161f42dc9e98346ee039fced680e82666887f6dcd7ffaf84ab75
-
SHA512
fc01eb8dbceecc31a7ea193ec44417e5648b4efc3d5583d851a6c7e3bb814acac6d82be922cb1e5775429cc07d4c20768a539312539c9bf5f50605ff71c8ad65
-
SSDEEP
49152:l5+Zvuwcz/f+jGfX8r7xB58y8wBUDutZtpq4gC:Swwcz/mW8h8y8wBUStZtp
Score10/10-
Luminosity
Luminosity is a RAT family that was on sale, while claiming to be a system administration utility.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Suspicious use of SetThreadContext
-