General

  • Target

    731797c96938873c7ed44fdccc2595d5_JaffaCakes118

  • Size

    540KB

  • Sample

    240525-ythb1age6s

  • MD5

    731797c96938873c7ed44fdccc2595d5

  • SHA1

    3a23b5e285888a383d0036d3a9c557d2b62f9b99

  • SHA256

    4ea28d5654139872543b0aa3987e97ddb0a92b977afdd993efbb64b34bc51322

  • SHA512

    93ec9fee6d1d1b89c8bf9c28835431b3c3267938795dd824ab32a303f73054640b5e2d44d57dd1ec284bf14fa614671be290004902e422a0226bd66264e006e9

  • SSDEEP

    12288:8kujl49Q5rb9c8Hz+n3ds1QNUKokN+XpDPCMm3YCZhyVyDqfBq:m4Q5rBA3BUZunMmPZhyYDqQ

Malware Config

Targets

    • Target

      Purchase order list.JPG.scr

    • Size

      674KB

    • MD5

      732666aebcfaa043adcf0435c25c2a63

    • SHA1

      7063a25f0d956ac54fdf83b5842f750c18d214e7

    • SHA256

      1a5f70e81feddef080a6913baa2c46e2098cc0dec52c66a0f6632084d7ba983e

    • SHA512

      0d0eb7aaa8c0033e3e6e84316eb3b095b47cfea00c8e8adcc12525f628966e8de39e891bb6f55de8991536912fe746fd6f27892c4aa0fbacc9842295714dce79

    • SSDEEP

      12288:S5ciWsuCCFz+srS6lBeMS8YOUKaENFgI9ttuZC7vWEY:STMFCO5lmOUKaXINuK2

    • Luminosity

      Luminosity is a RAT family that was sold commercially while being marketed as a system administration utility.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

Execution

  • Scheduled Task/Job (T1053): 1

Persistence

  • Boot or Logon Autostart Execution (T1547): 1

  • Registry Run Keys / Startup Folder (T1547.001): 1

  • Scheduled Task/Job (T1053): 1

Privilege Escalation

  • Boot or Logon Autostart Execution (T1547): 1

  • Registry Run Keys / Startup Folder (T1547.001): 1

  • Scheduled Task/Job (T1053): 1

Defense Evasion

  • Modify Registry (T1112): 1

Discovery

  • Query Registry (T1012): 1

  • System Information Discovery (T1082): 2

Tasks