lucastealer | eedeb7539b2f680304e81c08f27372bc5459b8e406872f8ea939065e466f0774 | Triage

Resubmissions

01-12-2022 16:35

221201-t345xagb67 10

23-11-2022 19:33

221123-x9kavshd23 10

Sharing

General

Target

SecuriteInfo.com.Heuristic.HEUR.AGEN.1253469.14711.357.exe
Size

17.6MB
Sample

221123-x9kavshd23
MD5

8c2a390aa7833720b374a720a6d06e4d
SHA1

188ec1a33bfd028333bcc3f6e96d2dbbdf01367f
SHA256

eedeb7539b2f680304e81c08f27372bc5459b8e406872f8ea939065e466f0774
SHA512

ac9bac95c37944ef7bb053126d5e5ba67c74562434b7bd4cb6f4c54e1d1cef8204990d670920f48af1cf26fb59ac422c0ccfe0075940cfe9c45e995897b86a07
SSDEEP

98304:BMSVESq5M3ClAD3sXHLQTyaQRO+YwWcRImg0cHQwb4CsB/wpDm7qCOPXwRalZLCt:2SSSP7sNavN7mg0mlb3DDdDP0

Score

10^/10

lucastealer spyware stealer

Malware Config

Targets

- Target
  
  SecuriteInfo.com.Heuristic.HEUR.AGEN.1253469.14711.357.exe
- Size
  
  17.6MB
- MD5
  
  8c2a390aa7833720b374a720a6d06e4d
- SHA1
  
  188ec1a33bfd028333bcc3f6e96d2dbbdf01367f
- SHA256
  
  eedeb7539b2f680304e81c08f27372bc5459b8e406872f8ea939065e466f0774
- SHA512
  
  ac9bac95c37944ef7bb053126d5e5ba67c74562434b7bd4cb6f4c54e1d1cef8204990d670920f48af1cf26fb59ac422c0ccfe0075940cfe9c45e995897b86a07
- SSDEEP
  
  98304:BMSVESq5M3ClAD3sXHLQTyaQRO+YwWcRImg0cHQwb4CsB/wpDm7qCOPXwRalZLCt:2SSSP7sNavN7mg0mlb3DDdDP0
Score

10^/10

lucastealer spyware stealer
- Luca Stealer
  Info stealer written in Rust first seen in July 2022.
  stealer lucastealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lucastealerspywarestealer

behavioral2