Overview

overview

10

Static

static

3

RFQ-1.exe

windows7-x64

10

RFQ-1.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    RFQ-1.exe

  • Size

    865KB

  • Sample

    250121-b2rt3szlez

  • MD5

    ded2efc42a4aa5529688d94318c84e14

  • SHA1

    66522967e681b6dd96356997de85c47671027fe1

  • SHA256

    4b9b87441ef44b226d170b760103ff694a7374805e26202822250154d3206994

  • SHA512

    5e4bbf0e42d49e0c08369fe46b682e40c000e32aca85b39016c71ad1611b0d9233756e0472776a7a4c83c9e2491c343ced09f2f1c2617d5f537f78fabb982c14

  • SSDEEP

    24576:ItTjLfP36gvBsU6y4spmW6Ghl2b7hN/HAT:4jLPv4spmW6G8/

Score
10/10
luminositydiscoverypersistencerat

Malware Config

Targets

    • Target

      RFQ-1.exe

    • Size

      865KB

    • MD5

      ded2efc42a4aa5529688d94318c84e14

    • SHA1

      66522967e681b6dd96356997de85c47671027fe1

    • SHA256

      4b9b87441ef44b226d170b760103ff694a7374805e26202822250154d3206994

    • SHA512

      5e4bbf0e42d49e0c08369fe46b682e40c000e32aca85b39016c71ad1611b0d9233756e0472776a7a4c83c9e2491c343ced09f2f1c2617d5f537f78fabb982c14

    • SSDEEP

      24576:ItTjLfP36gvBsU6y4spmW6Ghl2b7hN/HAT:4jLPv4spmW6G8/

    Score
    10/10
    luminositydiscoverypersistencerat

    • Luminosity

      Luminosity is a RAT family that was on sale, while claiming to be a system administration utility.

      ratluminosity

    • Luminosity family

      luminosity

    • Executes dropped EXE

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks