General
-
Target
d800903bb78f5af8c62dc3c72c6ed2f6_JaffaCakes118
-
Size
1.2MB
-
Sample
240910-lnmy3sxbnq
-
MD5
d800903bb78f5af8c62dc3c72c6ed2f6
-
SHA1
34cd5f3a1212f554e6e661d4aed5262aed7b5fc6
-
SHA256
56eddff011b09747205c9c6ddd087dd53a354d8cca193ff8ab94018ea885210f
-
SHA512
b953e8665a0ae1ecc2953407753ac91bab044557eb7713077f5bbcff74e751e9f6a858d59ce55e10639a6175357cbb91a6a84560a9521ffee3a8b4d1e7476839
-
SSDEEP
24576:V/RvGws5stP0SKnTVIu5FPQI2GQq43Fjy0adhM5CKeMkrJeM2:V/R+wsyud+MQ3Gd1BPMors
Malware Config
Targets
-
-
Target
d800903bb78f5af8c62dc3c72c6ed2f6_JaffaCakes118
-
Size
1.2MB
-
MD5
d800903bb78f5af8c62dc3c72c6ed2f6
-
SHA1
34cd5f3a1212f554e6e661d4aed5262aed7b5fc6
-
SHA256
56eddff011b09747205c9c6ddd087dd53a354d8cca193ff8ab94018ea885210f
-
SHA512
b953e8665a0ae1ecc2953407753ac91bab044557eb7713077f5bbcff74e751e9f6a858d59ce55e10639a6175357cbb91a6a84560a9521ffee3a8b4d1e7476839
-
SSDEEP
24576:V/RvGws5stP0SKnTVIu5FPQI2GQq43Fjy0adhM5CKeMkrJeM2:V/R+wsyud+MQ3Gd1BPMors
Score10/10-
Luminosity
Luminosity is a RAT family that was on sale, while claiming to be a system administration utility.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1