General

  • Target

    53474c750c9187e0490082d8e1c11a6d_JaffaCakes118

  • Size

    418KB

  • Sample

    240518-gpqn5seg57

  • MD5

    53474c750c9187e0490082d8e1c11a6d

  • SHA1

    a53490817cd28f7f9d3689c1dff73308e39ea8c0

  • SHA256

    22761f5b95ad6b2932fd543292606a4390728e4837a9914c087ee0556b910786

  • SHA512

    77ffaf942f932c2ec81a1ca2c0b9f321c28745fd8f0cd1f91f8e0b7bd69fc82099b81cd736514309e8f431b7a6cbecf19ee154844587e3fbd1c097ec969c4f92

  • SSDEEP

    12288:qINL5QskZOSBJRVhQKUN3iduyA3fpIyTCP/tkhDzOkZ:n5mZOoJPCF3iduy669ViDykZ

Malware Config

Targets

    • Luminosity

      Luminosity is a RAT family that was sold commercially while being marketed as a system administration utility.

    • Modifies WinLogon for persistence

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

Tactic                Technique                             ID          Count
Persistence           Boot or Logon Autostart Execution     T1547       2
Persistence           Registry Run Keys / Startup Folder    T1547.001   1
Persistence           Winlogon Helper DLL                   T1547.004   1
Privilege Escalation  Boot or Logon Autostart Execution     T1547       2
Privilege Escalation  Registry Run Keys / Startup Folder    T1547.001   1
Privilege Escalation  Winlogon Helper DLL                   T1547.004   1
Defense Evasion       Modify Registry                       T1112       2
Discovery             Query Registry                        T1012       1
Discovery             System Information Discovery          T1082       2

Tasks