Analysis

  • max time kernel
    153s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220721-en
  • submitted
    03-08-2022 13:11

General

  • Target

    2fcc3b332c728c4d820b5c4e242ff60b75b79eb5dc48fb4ebfe484161b7908e3.exe

  • Size

    5.1MB

  • MD5

    2ebbff36fc0f41916d130d49552bf545

  • SHA1

    b2306e181530a4123392d200f1292eddb63e4488

  • SHA256

    2fcc3b332c728c4d820b5c4e242ff60b75b79eb5dc48fb4ebfe484161b7908e3

  • SHA512

    81fafcf34b210da7404f606bfeb81746724b1efeb62f9d08cf2d0df02bb575ca70370b9e027db57d3a18bd3cfa5ae9f101be1cc05d4551d72ac1916eefeca6cf

  • SSDEEP

    49152:UyNK+CTNrCx1e4SJ8sOMuXwwg+QqFbgQGsSHyU3Z2Xs+vxO2B2w9aeTC+0QEOuAa:9qT0xjpoRHyGodJ76lszwv

Malware Config

Signatures

  • Luca Stealer

    Info stealer written in Rust first seen in July 2022.

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2fcc3b332c728c4d820b5c4e242ff60b75b79eb5dc48fb4ebfe484161b7908e3.exe
    "C:\Users\Admin\AppData\Local\Temp\2fcc3b332c728c4d820b5c4e242ff60b75b79eb5dc48fb4ebfe484161b7908e3.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:3948

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads