Analysis
-
max time kernel
78s -
max time network
142s -
platform
windows10-2004_x64 -
resource
win10v2004-20220721-en -
submitted
03-08-2022 13:09
General
-
Target
29e841b19b52bd24701d86e7d5bbdc74391a0d00ed645b0fefec9c78d56c2b72.exe
-
Size
4.2MB
-
MD5
b977d6d227d7ffd28168fb328764d163
-
SHA1
51cf8ecff9ed421c2f340e4dca93722f0f274912
-
SHA256
29e841b19b52bd24701d86e7d5bbdc74391a0d00ed645b0fefec9c78d56c2b72
-
SHA512
0b711955e3265a82fde671273421fa1b495e31f84e1609cf4254762e1b1b848ae8ad3d85a08a79a61c0bff43851440f6ff3f8993cee05dbd85a99be3e7cc106c
-
SSDEEP
49152:FzrP0og+7HgS3qkxIgyRiYYCuxG3qiz3/TmQF+4KoL+v3iGcdpLrNbTn:JzYkeRIondrNP
Score
10/10
Malware Config
Signatures
-
Luca Stealer
Info stealer written in Rust first seen in July 2022.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\29e841b19b52bd24701d86e7d5bbdc74391a0d00ed645b0fefec9c78d56c2b72.exe"C:\Users\Admin\AppData\Local\Temp\29e841b19b52bd24701d86e7d5bbdc74391a0d00ed645b0fefec9c78d56c2b72.exe"1⤵
- Suspicious behavior: EnumeratesProcesses