General
-
Target
731797c96938873c7ed44fdccc2595d5_JaffaCakes118
-
Size
540KB
-
Sample
240525-ythb1age6s
-
MD5
731797c96938873c7ed44fdccc2595d5
-
SHA1
3a23b5e285888a383d0036d3a9c557d2b62f9b99
-
SHA256
4ea28d5654139872543b0aa3987e97ddb0a92b977afdd993efbb64b34bc51322
-
SHA512
93ec9fee6d1d1b89c8bf9c28835431b3c3267938795dd824ab32a303f73054640b5e2d44d57dd1ec284bf14fa614671be290004902e422a0226bd66264e006e9
-
SSDEEP
12288:8kujl49Q5rb9c8Hz+n3ds1QNUKokN+XpDPCMm3YCZhyVyDqfBq:m4Q5rBA3BUZunMmPZhyYDqQ
Static task
static1
Behavioral task
behavioral1
Sample
Purchase order list.JPG.scr
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
Purchase order list.JPG.scr
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
Purchase order list.JPG.scr
-
Size
674KB
-
MD5
732666aebcfaa043adcf0435c25c2a63
-
SHA1
7063a25f0d956ac54fdf83b5842f750c18d214e7
-
SHA256
1a5f70e81feddef080a6913baa2c46e2098cc0dec52c66a0f6632084d7ba983e
-
SHA512
0d0eb7aaa8c0033e3e6e84316eb3b095b47cfea00c8e8adcc12525f628966e8de39e891bb6f55de8991536912fe746fd6f27892c4aa0fbacc9842295714dce79
-
SSDEEP
12288:S5ciWsuCCFz+srS6lBeMS8YOUKaENFgI9ttuZC7vWEY:STMFCO5lmOUKaXINuK2
Score10/10-
Luminosity
Luminosity is a RAT family that was on sale, while claiming to be a system administration utility.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-