Analysis
-
max time kernel
73s -
max time network
127s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system -
submitted
18-08-2022 16:45
Behavioral task
behavioral1
Sample
24389633997fb44b3278287a6cd5fa7073f603f3712917df2fd179c8de4086e3.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
24389633997fb44b3278287a6cd5fa7073f603f3712917df2fd179c8de4086e3.exe
Resource
win10v2004-20220812-en
General
-
Target
24389633997fb44b3278287a6cd5fa7073f603f3712917df2fd179c8de4086e3.exe
-
Size
4.3MB
-
MD5
e6c08840477f83791e9fb9d96176527c
-
SHA1
f3f76088c73925eadaf7cb636a82293cbfbd3b44
-
SHA256
24389633997fb44b3278287a6cd5fa7073f603f3712917df2fd179c8de4086e3
-
SHA512
b8a20d56719b6c4b6b3ec9a05fa371ee36329ecf8b5ffc5091648fab9e0923d147750bd5fece84f3cdc14945573a09682e5ae3496bbbbd2eb0e18f38cf2a80f8
Malware Config
Signatures
-
Luca Stealer
Info stealer written in Rust first seen in July 2022.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
flow ioc 14 ip-api.com -
Suspicious behavior: EnumeratesProcesses 6 IoCs
pid Process 2824 24389633997fb44b3278287a6cd5fa7073f603f3712917df2fd179c8de4086e3.exe 2824 24389633997fb44b3278287a6cd5fa7073f603f3712917df2fd179c8de4086e3.exe 2824 24389633997fb44b3278287a6cd5fa7073f603f3712917df2fd179c8de4086e3.exe 2824 24389633997fb44b3278287a6cd5fa7073f603f3712917df2fd179c8de4086e3.exe 2824 24389633997fb44b3278287a6cd5fa7073f603f3712917df2fd179c8de4086e3.exe 2824 24389633997fb44b3278287a6cd5fa7073f603f3712917df2fd179c8de4086e3.exe