luminosity | 1b1995220cc4b90ca03f1746e06f1ccac03e4069237e7b63434a98d8a203d83e | Triage

Sharing

General

Target

66997191185c2076cd9ad60bc4114bfa_JaffaCakes118
Size

562KB
Sample

240522-j4k4bahc23
MD5

66997191185c2076cd9ad60bc4114bfa
SHA1

637fc2d0cc5e84a8d58326c81959db3a1db3c78f
SHA256

1b1995220cc4b90ca03f1746e06f1ccac03e4069237e7b63434a98d8a203d83e
SHA512

47d651f7fdf51097ae3c118acb12aba68e9ee3e1ef4e0ef9f9cdfb672b4b3c8c63f27f6584e261a36dfebac846c61ad06c2e7606a346aa48951ac7341a005acf
SSDEEP

12288:yNlB6Lnp+QEyh7PHrJSTgJ+9nG7+8axFJHxGJS4XIM6:gBCnpUO7PHFugJhy8aNHiS06

Score

10^/10

luminosity persistence rat

Malware Config

Targets

- Target
  
  66997191185c2076cd9ad60bc4114bfa_JaffaCakes118
- Size
  
  562KB
- MD5
  
  66997191185c2076cd9ad60bc4114bfa
- SHA1
  
  637fc2d0cc5e84a8d58326c81959db3a1db3c78f
- SHA256
  
  1b1995220cc4b90ca03f1746e06f1ccac03e4069237e7b63434a98d8a203d83e
- SHA512
  
  47d651f7fdf51097ae3c118acb12aba68e9ee3e1ef4e0ef9f9cdfb672b4b3c8c63f27f6584e261a36dfebac846c61ad06c2e7606a346aa48951ac7341a005acf
- SSDEEP
  
  12288:yNlB6Lnp+QEyh7PHrJSTgJ+9nG7+8axFJHxGJS4XIM6:gBCnpUO7PHFugJhy8aNHiS06
Score

10^/10

persistence luminosity rat
- Luminosity
  Luminosity is a RAT family that was on sale, while claiming to be a system administration utility.
  rat luminosity
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

luminositypersistencerat