General

  • Target

    7d39468c9c7a5e722cdf752071865924_JaffaCakes118

  • Size

    586KB

  • Sample

    240528-rcg7cagc7y

  • MD5

    7d39468c9c7a5e722cdf752071865924

  • SHA1

    9b5ba1e2fa3ddad0966fd404c0a01b6be7f2359d

  • SHA256

    102f3f47b7babe90ea9d6af0913c4036931ec86e2a7c6edd6bce415ed8286cfb

  • SHA512

    1e03e8703b72d6ee729895973296d1e5d333089c19efb35bc5850fe43df70bd4c82a77475d0cc0ab427ee1ef5e471148e62296392eead508f14b49df93c2a7ce

  • SSDEEP

    12288:yjWshi3UvdHNc5JQA2ur1e1ckv4y4TWKH2cgqUe:yjdzI5JXWX8C3HqN

Malware Config

Targets

    • Target

      7d39468c9c7a5e722cdf752071865924_JaffaCakes118

    • Luminosity

      Luminosity is a RAT family that was sold commercially while being marketed as a system administration utility.

    • Modifies WinLogon for persistence

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Executes dropped EXE

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence

  • Boot or Logon Autostart Execution

    T1547 (2)

  • Registry Run Keys / Startup Folder

    T1547.001 (1)

  • Winlogon Helper DLL

    T1547.004 (1)

Privilege Escalation

  • Boot or Logon Autostart Execution

    T1547 (2)

  • Registry Run Keys / Startup Folder

    T1547.001 (1)

  • Winlogon Helper DLL

    T1547.004 (1)

Defense Evasion

  • Modify Registry

    T1112 (3)

  • Subvert Trust Controls

    T1553 (1)

  • Install Root Certificate

    T1553.004 (1)

Discovery

  • Query Registry

    T1012 (1)

  • System Information Discovery

    T1082 (2)

Tasks