Overview

overview

10

Static

static

10

rswin.exe

windows7-x64

10

rswin.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    rswin.exe

  • Size

    5.6MB

  • Sample

    230110-afsc2sgc46

  • MD5

    59ff6641dea3e3d3e2e6abd3e1ccb357

  • SHA1

    533f88a140383aaaf735b62d550b02bb2705db42

  • SHA256

    303bc7a7372b58fcf86cec6e3f64c68ae8d0d4005ba456f1a3d083ad554fe6ef

  • SHA512

    58b10df383b6ecf8dfcd8e5e23b82b88e61af34ae2b2eb6607423858ad43ef5c8f82c7c882ca63b10fd60f62b85dc18a213857598bbf7bf82c71528a4eb8591b

  • SSDEEP

    49152:ucLMXimdb4cv+oUX63PWbo1OI83xGXgn5KnK8ICuasCDZ+X6vR7e73UK56xmDpfY:PEiKisj8EjIhW8Yp4oTjZ+

Score
10/10
lucastealerspywarestealer

Malware Config

Targets

    • Target

      rswin.exe

    • Size

      5.6MB

    • MD5

      59ff6641dea3e3d3e2e6abd3e1ccb357

    • SHA1

      533f88a140383aaaf735b62d550b02bb2705db42

    • SHA256

      303bc7a7372b58fcf86cec6e3f64c68ae8d0d4005ba456f1a3d083ad554fe6ef

    • SHA512

      58b10df383b6ecf8dfcd8e5e23b82b88e61af34ae2b2eb6607423858ad43ef5c8f82c7c882ca63b10fd60f62b85dc18a213857598bbf7bf82c71528a4eb8591b

    • SSDEEP

      49152:ucLMXimdb4cv+oUX63PWbo1OI83xGXgn5KnK8ICuasCDZ+X6vR7e73UK56xmDpfY:PEiKisj8EjIhW8Yp4oTjZ+

    Score
    10/10
    lucastealerspywarestealer

    • Luca Stealer

      Info stealer written in Rust first seen in July 2022.

      stealerlucastealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks