Overview

overview

10

Static

static

3

4a1d515567...18.exe

windows7-x64

10

4a1d515567...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4a1d5155676794951ccdec7aaf181567_JaffaCakes118

  • Size

    1.3MB

  • Sample

    241015-1fd4jasepn

  • MD5

    4a1d5155676794951ccdec7aaf181567

  • SHA1

    108bb8ba55e8657815ff7deefc8b4b22e59608d6

  • SHA256

    ce575fd964bbf7f36b42ba99c3d15f613f8df809ed8317598f8fd8f7e5ad728c

  • SHA512

    58fe81f2ce37861b8087b501a4015b0b0a4be5a5473de8728473edc3764931cfd7635de0b89d6633cb1c102432533c461d6517096ed45e613a4c5c9ebe1726da

  • SSDEEP

    24576:s3nZqfb4jBSHzuk+bUf4s90JIYHDosyTaqMyAnXxTvNuhSd3P3JlF2+c9L6nGC:sjsutAf4sCWZUXxLIhU3P3fFbmGGC

Score
10/10
luminositydiscoverypersistencerat

Malware Config

Targets

    • Target

      4a1d5155676794951ccdec7aaf181567_JaffaCakes118

    • Size

      1.3MB

    • MD5

      4a1d5155676794951ccdec7aaf181567

    • SHA1

      108bb8ba55e8657815ff7deefc8b4b22e59608d6

    • SHA256

      ce575fd964bbf7f36b42ba99c3d15f613f8df809ed8317598f8fd8f7e5ad728c

    • SHA512

      58fe81f2ce37861b8087b501a4015b0b0a4be5a5473de8728473edc3764931cfd7635de0b89d6633cb1c102432533c461d6517096ed45e613a4c5c9ebe1726da

    • SSDEEP

      24576:s3nZqfb4jBSHzuk+bUf4s90JIYHDosyTaqMyAnXxTvNuhSd3P3JlF2+c9L6nGC:sjsutAf4sCWZUXxLIhU3P3fFbmGGC

    Score
    10/10
    luminositydiscoverypersistencerat

    • Luminosity

      Luminosity is a RAT family that was on sale, while claiming to be a system administration utility.

      ratluminosity

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

Remote System Discovery

1
T1018

System Information Discovery

2
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

System Network Configuration Discovery

1
T1016

Internet Connection Discovery

1
T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks