Overview

overview

10

Static

static

10

62d916dabd...1d.exe

windows7-x64

10

62d916dabd...1d.exe

windows10-2004-x64

10

Resubmissions

19-01-2023 16:50

230119-vcchmsde7t 10

23-11-2022 13:12

221123-qfhfvadh33 8

Analysis

  • max time kernel
    90s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-01-2023 16:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    62d916dabdf433ec7d4b0b90d681591d.exe

  • Size

    18.3MB

  • MD5

    62d916dabdf433ec7d4b0b90d681591d

  • SHA1

    3f833c77fe193cf15741d88a62febc23bce63f09

  • SHA256

    ba06284f5208e6e05a4568fa4bffb05661d73a8e0be9a7dca5bed98244bcc097

  • SHA512

    e91119edf7b168fc9e4f41f06562ca4d6d75941eb9eeafd20d4452dccbf7c23db8563433d8b417c143603a90e16335dcd33325dfb10e8a541e0ba26ab41e0dad

  • SSDEEP

    98304:tMSVESq5NpATf0g1QIk8y2EG9DcFk4GX6jnX+ITWFRImg0cHqwh4C4t/wpDm7qCd:aSSSpQIksDu9Zb7mg0mjh3jDdDP0

Score
10/10
lucastealerstealer

Malware Config

Extracted

Family

lucastealer

C2

https://api.telegram.org/bot5740238611:AAESHdmffXlJNV7SD6-YjfXQmsg5jsSWb3Y

Signatures

  • Luca Stealer

    Info stealer written in Rust first seen in July 2022.

    stealerlucastealer
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\62d916dabdf433ec7d4b0b90d681591d.exe
    "C:\Users\Admin\AppData\Local\Temp\62d916dabdf433ec7d4b0b90d681591d.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3540
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\UIServices.exe Start UIServices.exe
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1544
      • C:\Users\Admin\AppData\Local\Temp\UIServices.exe
        C:\Users\Admin\AppData\Local\Temp\UIServices.exe Start UIServices.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:4888

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\UIServices.exe
    Filesize

    6.0MB

    MD5

    03e3758f3e8f9b41c4482418dfc7f949

    SHA1

    a9567f232d2a7511015af599b9703d34afcb5c8a

    SHA256

    9c2cb8a7798c29f281cd0e03488aec0387bbceceff300f6ca8366612405d55e4

    SHA512

    31e4a96689cf1e910df06f54cc676ab02600f61c30c4ce46c94d722646bf672c62fa4d41e39602ede25e74aaf73a148e66f9a42b90d60f06ba6ce2439f4d7eae

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\UIServices.exe
    Filesize

    6.0MB

    MD5

    03e3758f3e8f9b41c4482418dfc7f949

    SHA1

    a9567f232d2a7511015af599b9703d34afcb5c8a

    SHA256

    9c2cb8a7798c29f281cd0e03488aec0387bbceceff300f6ca8366612405d55e4

    SHA512

    31e4a96689cf1e910df06f54cc676ab02600f61c30c4ce46c94d722646bf672c62fa4d41e39602ede25e74aaf73a148e66f9a42b90d60f06ba6ce2439f4d7eae

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\VCRUNTIME140.dll
    Filesize

    99KB

    MD5

    7a2b8cfcd543f6e4ebca43162b67d610

    SHA1

    c1c45a326249bf0ccd2be2fbd412f1a62fb67024

    SHA256

    7d7ca28235fba5603a7f40514a552ac7efaa67a5d5792bb06273916aa8565c5f

    SHA512

    e38304fb9c5af855c1134f542adf72cde159fab64385533eafa5bb6e374f19b5a29c0cb5516fc5da5c0b5ac47c2f6420792e0ac8ddff11e749832a7b7f3eb5c8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\vcruntime140.dll
    Filesize

    99KB

    MD5

    7a2b8cfcd543f6e4ebca43162b67d610

    SHA1

    c1c45a326249bf0ccd2be2fbd412f1a62fb67024

    SHA256

    7d7ca28235fba5603a7f40514a552ac7efaa67a5d5792bb06273916aa8565c5f

    SHA512

    e38304fb9c5af855c1134f542adf72cde159fab64385533eafa5bb6e374f19b5a29c0cb5516fc5da5c0b5ac47c2f6420792e0ac8ddff11e749832a7b7f3eb5c8

    Download Submit

  • memory/1544-132-0x0000000000000000-mapping.dmp

    Download

  • memory/4888-133-0x0000000000000000-mapping.dmp

    Download