General
-
Target
afef2f9f5c5e3ac4a946cea031ef20e6.msi
-
Size
5.7MB
-
Sample
221125-jj9wyafb6w
-
MD5
afef2f9f5c5e3ac4a946cea031ef20e6
-
SHA1
9cc6eb3707a9f58e6d5c024b1d0d53c4724c87ad
-
SHA256
03fcd10e0a552222e3d0ab3308af694af5536e8980e50c98ecfe48d32b267c59
-
SHA512
41e17bb4ad708c705830364d10d2617b5e098597fc630e0251c72da37158388626c926810ffa78f9a4d2da52529d8fd595e7e0cd4c22bc716f41609d9b0b4267
-
SSDEEP
49152:XpUPdFdYxt2SENs02k7OxHA32D9K1O5k0a5MLXrzL6yq5/Hdrbz5jLcwE/7z3V49:XpgKxPDM6+OLGThGWn126
Malware Config
Targets
-
-
Target
afef2f9f5c5e3ac4a946cea031ef20e6.msi
-
Size
5.7MB
-
MD5
afef2f9f5c5e3ac4a946cea031ef20e6
-
SHA1
9cc6eb3707a9f58e6d5c024b1d0d53c4724c87ad
-
SHA256
03fcd10e0a552222e3d0ab3308af694af5536e8980e50c98ecfe48d32b267c59
-
SHA512
41e17bb4ad708c705830364d10d2617b5e098597fc630e0251c72da37158388626c926810ffa78f9a4d2da52529d8fd595e7e0cd4c22bc716f41609d9b0b4267
-
SSDEEP
49152:XpUPdFdYxt2SENs02k7OxHA32D9K1O5k0a5MLXrzL6yq5/Hdrbz5jLcwE/7z3V49:XpgKxPDM6+OLGThGWn126
Score10/10-
Luca Stealer
Info stealer written in Rust first seen in July 2022.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-