Overview (score 6/10)

Tasks (score, sample, platform)
3   Static
5   B_W_luminati-cn.exe      windows7-x64
6   B_W_luminati-cn.exe      windows10-2004-x64
3   $PLUGINSDI...er.dll      windows7-x64
3   $PLUGINSDI...er.dll      windows10-2004-x64
3   $PLUGINSDI...em.dll      windows7-x64
3   $PLUGINSDI...em.dll      windows10-2004-x64
3   $PLUGINSDI...ll.dll      windows7-x64
3   $PLUGINSDI...ll.dll      windows10-2004-x64
3   LICENSES.c...m.html      windows7-x64
4   LICENSES.c...m.html      windows10-2004-x64
5   Proxy Manager.exe        windows7-x64
5   Proxy Manager.exe        windows10-2004-x64
3   d3dcompiler_47.dll       windows10-2004-x64
3   ffmpeg.dll               windows7-x64
3   ffmpeg.dll               windows10-2004-x64
3   libEGL.dll               windows7-x64
3   libEGL.dll               windows10-2004-x64
3   libGLESv2.dll            windows7-x64
3   libGLESv2.dll            windows10-2004-x64
3   resources/...-CN.js      windows7-x64
3   resources/...-CN.js      windows10-2004-x64
3   resources/...gen.sh      ubuntu-18.04-amd64
3   resources/...gen.sh      debian-9-armhf
3   resources/...gen.sh      debian-9-mips
3   resources/...gen.sh      debian-9-mipsel
6   resources/...dex.js      ubuntu-18.04-amd64
6   resources/...dex.js      debian-9-armhf
3   resources/...dex.js      debian-9-mips
3   resources/...dex.js      debian-9-mipsel
4   resources/...ade.sh      ubuntu-18.04-amd64
4   resources/...ade.sh      debian-9-armhf
3   resources/...ade.sh      debian-9-mips

General
Target: B_W_luminati-cn.exe
Size: 74.2MB
Sample: 250328-qjlmnswwey
MD5: 377dbf4757a78025ef8ca4d1ef6adc60
SHA1: 2476f22f8c1c18f72663d043b2b72c118b668649
SHA256: 94ac7ea727784fe92d4b3582d8167b3afb270e74f9121dca587c37883148a5cb
SHA512: 4bb8fc416714e7efc33c8dcc5a9c056da50f99b58923c1cce313447ccaf08fe02240cb8ae89130852101712c5f0467d7a2a7583f964013d5017bce875d212141
SSDEEP: 1572864:ROTrXNI0QCR1VS2hbT87kiP/25jv3veiSnQciqi/72jZ:8nXNI0vRX5VTYJKjvfwqq876

Analysis tasks (task, sample, resource)
static1       (static task)
behavioral1   B_W_luminati-cn.exe                  win7-20250207-en
behavioral2   B_W_luminati-cn.exe                  win10v2004-20250313-en
behavioral3   $PLUGINSDIR/SpiderBanner.dll         win7-20241023-en
behavioral4   $PLUGINSDIR/SpiderBanner.dll         win10v2004-20250314-en
behavioral5   $PLUGINSDIR/System.dll               win7-20241010-en
behavioral6   $PLUGINSDIR/System.dll               win10v2004-20250313-en
behavioral7   $PLUGINSDIR/WinShell.dll             win7-20241010-en
behavioral8   $PLUGINSDIR/WinShell.dll             win10v2004-20250314-en
behavioral9   LICENSES.chromium.html               win7-20240729-en
behavioral10  LICENSES.chromium.html               win10v2004-20250314-en
behavioral11  Proxy Manager.exe                    win7-20240903-en
behavioral12  Proxy Manager.exe                    win10v2004-20250314-en
behavioral13  d3dcompiler_47.dll                   win10v2004-20250314-en
behavioral14  ffmpeg.dll                           win7-20240903-en
behavioral15  ffmpeg.dll                           win10v2004-20250314-en
behavioral16  libEGL.dll                           win7-20241010-en
behavioral17  libEGL.dll                           win10v2004-20250314-en
behavioral18  libGLESv2.dll                        win7-20240903-en
behavioral19  libGLESv2.dll                        win10v2004-20250313-en
behavioral20  resources/app/README-zh-CN.js        win7-20240903-en
behavioral21  resources/app/README-zh-CN.js        win10v2004-20250314-en
behavioral22  resources/app/bin/cert_gen.sh        ubuntu1804-amd64-20240729-en
behavioral23  resources/app/bin/cert_gen.sh        debian9-armhf-20240611-en
behavioral24  resources/app/bin/cert_gen.sh        debian9-mipsbe-20240611-en
behavioral25  resources/app/bin/cert_gen.sh        debian9-mipsel-20240729-en
behavioral26  resources/app/bin/index.js           ubuntu1804-amd64-20240508-en
behavioral27  resources/app/bin/index.js           debian9-armhf-20240611-en
behavioral28  resources/app/bin/index.js           debian9-mipsbe-20240611-en
behavioral29  resources/app/bin/index.js           debian9-mipsel-20240226-en
behavioral30  resources/app/bin/lpm_downgrade.sh   ubuntu1804-amd64-20240611-en
behavioral31  resources/app/bin/lpm_downgrade.sh   debian9-armhf-20240418-en
behavioral32  resources/app/bin/lpm_downgrade.sh   debian9-mipsbe-20240611-en

Malware Config

Targets

Target: B_W_luminati-cn.exe
Size: 74.2MB
MD5: 377dbf4757a78025ef8ca4d1ef6adc60
SHA1: 2476f22f8c1c18f72663d043b2b72c118b668649
SHA256: 94ac7ea727784fe92d4b3582d8167b3afb270e74f9121dca587c37883148a5cb
SHA512: 4bb8fc416714e7efc33c8dcc5a9c056da50f99b58923c1cce313447ccaf08fe02240cb8ae89130852101712c5f0467d7a2a7583f964013d5017bce875d212141
SSDEEP: 1572864:ROTrXNI0QCR1VS2hbT87kiP/25jv3veiSnQciqi/72jZ:8nXNI0vRX5VTYJKjvfwqq876
Score: 6/10
Signatures:
  Legitimate hosting services abused for malware hosting/C2
  Checks computer location settings: Looks up country code configured in the registry, likely geofence.
  Enumerates processes with tasklist

Target: $PLUGINSDIR/SpiderBanner.dll
Size: 9KB
MD5: 17309e33b596ba3a5693b4d3e85cf8d7
SHA1: 7d361836cf53df42021c7f2b148aec9458818c01
SHA256: 996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93
SHA512: 1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298
SSDEEP: 192:5lkE3uqRI1y7/xcfK4PRef6gQzJyY1rpKlVrw:5lkMBI1y7UKcef6XzJrpKY
Score: 3/10

Target: $PLUGINSDIR/System.dll
Size: 11KB
MD5: 17ed1c86bd67e78ade4712be48a7d2bd
SHA1: 1cc9fe86d6d6030b4dae45ecddce5907991c01a0
SHA256: bd046e6497b304e4ea4ab102cab2b1f94ce09bde0eebba4c59942a732679e4eb
SHA512: 0cbed521e7d6d1f85977b3f7d3ca7ac34e1b5495b69fd8c7bfa1a846baf53b0ecd06fe1ad02a3599082ffacaf8c71a3bb4e32dec05f8e24859d736b828092cd5
SSDEEP: 192:eY24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35Ol+Sl:E8QIl975eXqlWBrz7YLOl+
Score: 3/10

Target: $PLUGINSDIR/WinShell.dll
Size: 3KB
MD5: 1cc7c37b7e0c8cd8bf04b6cc283e1e56
SHA1: 0b9519763be6625bd5abce175dcc59c96d100d4c
SHA256: 9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
SHA512: 7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
Score: 3/10

Target: LICENSES.chromium.html
Size: 4.9MB
MD5: 8ac6bfdf42c0699b2ce9b3aadfc5a233
SHA1: dd09db85821db4827d1a491993cb0311855d5d86
SHA256: a6692be8af33d0673504a5d2bd519f4738aa872595eccc0434f5921185c0d56d
SHA512: 3868911062f5e19e570538c0104e54ce2bdce9b06185baa3ca5657724be1def9e56fecfe1e532fd504117cc1c8636b8058c0a5fa5d5c60c3d253e5d57cbfe08f
SSDEEP: 24576:bTUTBOmnLiLQrz62BrErzKm8bkUVQYwM/Q1OuS:/GOmLAOfNC+1C1M
Score: 4/10

Target: Proxy Manager.exe
Size: 108.4MB
MD5: 4a2fb12eb37791fd76e7fd8ab3578632
SHA1: 107035c99fb584a123a01161b98e93f73aedb3bb
SHA256: cc1b4d769b1df73b4f0b1af9f6e7cfa18c39cc674fbfea75c5cb918c205b4273
SHA512: b09c46e0f39ff08595508b1352048e63346a9161a9b2a58e5331d6770c9e494c468ac64bbf991ed4d71a918fafe951aa5f99a61dc9dde559e66a60b1a867ace1
SSDEEP: 1572864:Fl3+8ndkdcGsiccaEZBg0HAmbfkfgvl1sqBDs11JFOhesOBUr57XY6NBzUQVbmT8:L3+8Seok3DqThc6EYv
Score: 5/10
Signatures:
  Checks computer location settings: Looks up country code configured in the registry, likely geofence.
  Enumerates processes with tasklist

Target: d3dcompiler_47.dll
Size: 3.5MB
MD5: 2f2e363c9a9baa0a9626db374cc4e8a4
SHA1: 17f405e81e5fce4c5a02ca049f7bd48b31674c8f
SHA256: 2630f4188bd2ea5451ca61d83869bf7068a4f0440401c949a9feb9fb476e15df
SHA512: e668a5d1f5e6f821ebfa0913e201f0dfd8da2f96605701f8db18d14ea4fdeac73aeb9b4fe1f22eaeffcdd1c0f73a6701763727d5b09775666f82b678404e4924
SSDEEP: 49152:sXMoHAsisjBFjJMLhHELxJm8ZU8W/GBj5Z535TMpinAizxkl/cD11bqCG7jHbOkD:srZOb8W/G5hnAizxz7NZy9AG
Score: 3/10

Target: ffmpeg.dll
Size: 2.5MB
MD5: dce890ac8e43ae08eaa373bdfb503cd0
SHA1: b3032f5e9ab97cae111cfa2d67ba52aebad4afc0
SHA256: f4466b3dc7983d846de0cf86e624c427c0a87e2ad06fef9226d7dfc595381eb4
SHA512: 5f2850be70bffb4cdeb10d15fc37dcdf3a710dd92ee4246f846fe85f6c37f5405251168386efaddb702c66480ddb18c76fa16942c6191f5ec0f58b577cd61adc
SSDEEP: 49152:ULYuh0d+XUhrWiy9axXy3Zl6zhfgRxQo7izQN1iNK8b:CYu+d+k1Wr90Xy3Zifu2aUjK
Score: 3/10

Target: libEGL.dll
Size: 359KB
MD5: b815a882cbe461c20fa23f6ea2b0e07e
SHA1: 93c0b7e1079bda528f079d29dbcd17717e1de4d2
SHA256: bcbcf04610ff355fbef26127c17356cee15c5cf65d8a329674ed306afaf51763
SHA512: 9d2b262bac45d11385bb5040e0a1dd512dcac0492a0d742828997d6e65571e2b9cee83805577fc36a14e76151ab83c3df6ee06dfe79e1443bf72fa45dd022d8d
SSDEEP: 6144:UZIzp/XXWgVwRnS79etbZeMoRcoRxNgJtrOujFFBkYb8/j528j58LFsdlGVxtErV:Uv5S79etOcoR0EujFDnb4dMntEP/G
Score: 3/10

Target: libGLESv2.dll
Size: 6.5MB
MD5: 005b608210fc7d2bd5c303d281c75f9e
SHA1: 53c24add246b61259d2ad94357a2138dadffca37
SHA256: 09fa39b3f27d7c6f590e4aabf5963e8deac6445eec251df9f305037053f90a24
SHA512: 9e360eb67d12d6f1a727d255a1a7c49a701d2efbebff595eb66284dcfe6add5978276bd054d882f954e3db655b7f8f647d7d26af814e243e16540b3fa94a4d82
SSDEEP: 98304:GabNGCbj8+NFKfEeqU8/J6gAZ/rJiDMRE+poatKBv33Cn:GYUCbjKfx8/JV0lpoatKa
Score: 3/10

Target: resources/app/README-zh-CN.md
Size: 18KB
MD5: 8eb016e76e41881f7c065af2ba9cebc4
SHA1: 7b8bd9729189a4e9b4328dd590c35794f7822e8e
SHA256: 6ccfc9d1f4a2511f8227aad44b586e0aa5c12db1c104c5c1ec1a256c0ecfbf9c
SHA512: 4c414d524f82cd2bf7ea361a4be63a5d315a187588501de7e2879b7d4fe9928ef102d310bda071c4d513bd7a6147293a63f239573b99f4f636568afe84c65f5a
SSDEEP: 192:ZGTrnJMTNUt21d0rJejYxEIaRwmiSNJFZsj/H8uH10rTlIFhR:t+t21mSY2IalcLEZI5
Score: 3/10

Target: resources/app/bin/cert_gen.sh
Size: 353B
MD5: 8188617ed5b3f59657e70f6613408aaa
SHA1: e938afcda147a317b92f04a247a8d3e3ad403f6c
SHA256: 23fdce67425735c2f447ebbabaa4e708189ad4a28ef005898807cab6b047a4a5
SHA512: c1d54f563097c4350f7c56f30d67284e46f5de49151c8f7e12dde8622a68f234d9f9f86652ef53c557f85690e47e7813dc4301f5c5e6b0e9652c7d5e63719850
Score: 3/10

Target: resources/app/bin/index.js
Size: 514B
MD5: 2ffac93c1e0896cf98f1514f70fe8637
SHA1: 22fa46c684b079fae1a9921a87b3e6c63cc6e373
SHA256: 15cb73537b76df1b820056767dae3e8730cd91e1798bbd56e04075e8e677382b
SHA512: cdc66c2d890c8edc558ffac76b46a3e63bb0b8d95e254860f18bca8c03c72fec51133fbcd7e8983219ef0a707614c9f4aed02f640d8d9afa25ff7e1fea00a4f4
Signatures:
  Creates/modifies environment variables: Creating/modifying environment variables is a common persistence mechanism.
  Enumerates running processes: Discovers information about currently running processes on the system
  Modifies Bash startup script

Target: resources/app/bin/lpm_downgrade.sh
Size: 486B
MD5: c2913650e886be90c3dc3464cf257124
SHA1: 5f3a2794a1c3be209f5074d73a6485b48a4e98ba
SHA256: c00ee8c9bf0002b7b3a5cbc7c25f3dd7d2846950826f70a79ed66ad8d180d202
SHA512: e7528a5266b8a1c8fb895656bb6dfea67eb7e094a442e93ab51d3a01f4bf3c48048a729a84a8a0a12223fd021bcf773055115533fe6590850fb4ab0b5aec717d

MITRE ATT&CK Enterprise v15 (technique: number of matching signatures)

Persistence
  Boot or Logon Autostart Execution: 1
  Event Triggered Execution: 1
    Unix Shell Configuration Modification: 1
  Hijack Execution Flow: 1
    Path Interception by PATH Environment Variable: 1

Privilege Escalation
  Boot or Logon Autostart Execution: 1
  Event Triggered Execution: 1
    Unix Shell Configuration Modification: 1
  Hijack Execution Flow: 1
    Path Interception by PATH Environment Variable: 1

Defense Evasion
  Hijack Execution Flow: 1
    Path Interception by PATH Environment Variable: 1
  Modify Registry: 1
  Virtualization/Sandbox Evasion: 1
    System Checks: 1

Discovery
  Browser Information Discovery: 1
  Process Discovery: 1
  Query Registry: 4
  System Information Discovery: 6
  System Location Discovery: 1
    System Language Discovery: 1
  System Network Configuration Discovery: 1
  Virtualization/Sandbox Evasion: 1
    System Checks: 1