Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
df3276923c77fda7e3a581b56bf727686608443c0188b54b23781de64e5102c3
-
Size
2.8MB
-
Sample
241108-frx1kavqcv
-
MD5
85fd33013e5c7d0c132e37916f6d4d22
-
SHA1
5b15fc198af5c423859f30a0768e0b6b5c143a44
-
SHA256
df3276923c77fda7e3a581b56bf727686608443c0188b54b23781de64e5102c3
-
SHA512
b9e1aa8aaf429f401cc0c87639b59221b104290930b7e3e06c2a74c8a0d56c72809f2cadce518491f405580f83cc7b9816917139c1cccae8daa3a30a4378b0f8
-
SSDEEP
49152:fsrGlmSlV77N/2zUDwug+TbrgZQly5JJ7nWJSR5BXzzncQPzxwDMuXZ4S:IaN/4UcuXPkcy5jDWWblPVw1Xq
Malware Config
Targets
-
-
Target
df3276923c77fda7e3a581b56bf727686608443c0188b54b23781de64e5102c3
-
Size
2.8MB
-
MD5
85fd33013e5c7d0c132e37916f6d4d22
-
SHA1
5b15fc198af5c423859f30a0768e0b6b5c143a44
-
SHA256
df3276923c77fda7e3a581b56bf727686608443c0188b54b23781de64e5102c3
-
SHA512
b9e1aa8aaf429f401cc0c87639b59221b104290930b7e3e06c2a74c8a0d56c72809f2cadce518491f405580f83cc7b9816917139c1cccae8daa3a30a4378b0f8
-
SSDEEP
49152:fsrGlmSlV77N/2zUDwug+TbrgZQly5JJ7nWJSR5BXzzncQPzxwDMuXZ4S:IaN/4UcuXPkcy5jDWWblPVw1Xq
Score10/10-
Luminosity
Luminosity is a RAT family that was on sale, while claiming to be a system administration utility.
-
Luminosity family
-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks system information in the registry
System information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Scheduled Task/Job
1Scheduled Task
1