Analysis
- max time kernel: 153s
- max time network: 154s
- platform: windows10-2004_x64
- resource: win10v2004-20220721-en
- submitted: 03-08-2022 13:11
Static task: static1
Behavioral task: behavioral1
  Sample: 2fcc3b332c728c4d820b5c4e242ff60b75b79eb5dc48fb4ebfe484161b7908e3.exe
  Resource: win7-20220718-en
Behavioral task: behavioral2
  Sample: 2fcc3b332c728c4d820b5c4e242ff60b75b79eb5dc48fb4ebfe484161b7908e3.exe
  Resource: win10v2004-20220721-en
General
- Target: 2fcc3b332c728c4d820b5c4e242ff60b75b79eb5dc48fb4ebfe484161b7908e3.exe
- Size: 5.1MB
- MD5: 2ebbff36fc0f41916d130d49552bf545
- SHA1: b2306e181530a4123392d200f1292eddb63e4488
- SHA256: 2fcc3b332c728c4d820b5c4e242ff60b75b79eb5dc48fb4ebfe484161b7908e3
- SHA512: 81fafcf34b210da7404f606bfeb81746724b1efeb62f9d08cf2d0df02bb575ca70370b9e027db57d3a18bd3cfa5ae9f101be1cc05d4551d72ac1916eefeca6cf
- SSDEEP: 49152:UyNK+CTNrCx1e4SJ8sOMuXwwg+QqFbgQGsSHyU3Z2Xs+vxO2B2w9aeTC+0QEOuAa:9qT0xjpoRHyGodJ76lszwv
Malware Config
Signatures
- Luca Stealer
  Info stealer written in Rust, first seen in July 2022.
- Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials and other sensitive data.
- Accesses cryptocurrency files/wallets, possible credential harvesting (2 TTPs)
- Looks up external IP address via web service (1 IoCs)
  Uses a legitimate IP lookup service to find the infected system's external IP.
  flow  ioc
  14    ip-api.com
- Suspicious behavior: EnumeratesProcesses (6 IoCs)
  pid   Process
  3948  2fcc3b332c728c4d820b5c4e242ff60b75b79eb5dc48fb4ebfe484161b7908e3.exe