lucastealer | d363a849b1c4a3644b9dcfb3d03f96eb8bf3f6b05a8286f0911396c2b4642432 | Triage

Submit
Reports

Overview

overview

Static

static

018f1b987d...91.exe

windows7-x64

018f1b987d...91.exe

windows10-2004-x64

Sharing

General

Target

018f1b987d7d79a024055b9ad168a866856a4b1d5c9f14809375cade8c9fc691.zip
Size

4.1MB
Sample

220918-slg4dabde5
MD5

f493aef25efa79eda78d09867a7e228c
SHA1

19e7d6f824ea0c7e05e4aca8c0a9fbc0a7ec5ab0
SHA256

d363a849b1c4a3644b9dcfb3d03f96eb8bf3f6b05a8286f0911396c2b4642432
SHA512

4ac6dc71fca38d6d366499925108b5628f4a692c09f1b17154c0aaccb5f485cbd87d8f03e797149d93775ce343df46f75809cc5cfb27e08147466e145ef45d78
SSDEEP

98304:NWnfwiLhfAetymEf8YOW68JHk4lGxwREoWQJ+rJSXFtVgxSjkKaKN:NqwEIYuOkEmGqW7JutVnkDU

Score

10^/10

lucastealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

018f1b987d7d79a024055b9ad168a866856a4b1d5c9f14809375cade8c9fc691.exe

Resource

win7-20220812-en

lucastealer stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

018f1b987d7d79a024055b9ad168a866856a4b1d5c9f14809375cade8c9fc691.exe

Resource

win10v2004-20220812-en

lucastealer spyware stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  018f1b987d7d79a024055b9ad168a866856a4b1d5c9f14809375cade8c9fc691
- Size
  
  4.2MB
- MD5
  
  7bf21e9170fda8ffa3c22c892ecef29a
- SHA1
  
  ffbc2327df43ff7868ff2eeeeebbdb721bd522d1
- SHA256
  
  018f1b987d7d79a024055b9ad168a866856a4b1d5c9f14809375cade8c9fc691
- SHA512
  
  763db449afe12f277952a3fc4dbcb18bae0bc34ad64f6155663be7553f3428d5b04b268b2ed1985b7ac7e15d80ee3646e783ada29f451801ac854674efd09396
- SSDEEP
  
  98304:Jm3Nfl9RXKKcB6fu4R1I/1C6KxLKwqcOIb6Csebp82yY837nB:Y3NflLXVcB6fu4R1uCFxKOPba2ylrB
Score

10^/10

lucastealer stealer spyware
- Luca Stealer
  Info stealer written in Rust first seen in July 2022.
  stealer lucastealer
- Luca Stealer payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lucastealerstealer

behavioral2

lucastealerspywarestealer

© 2018-2024

Terms | Privacy