lucastealer | 871d31c0afc5cc10080d680ee474590b85d903c7f4ef0e2d1da30ce41b39ba4c

Sharing

Copy URL

Twitter E-mail

General

Target

Venom Cracked 2.7.0.0 2.rar
Size

14.0MB
Sample

230217-mk2thaee2z
MD5

6682ae10c0df530894b8be8645024bfb
SHA1

5e9873e0b285f94d7c362f644aa7cd31bdce77e6
SHA256

871d31c0afc5cc10080d680ee474590b85d903c7f4ef0e2d1da30ce41b39ba4c
SHA512

5af8d84274cea7243e972632f94e7c8d6df215af2614002864e61bfd2b33c33ed2f8b74ce66e58254ff25e194c30d03773b2c12f8fcb78822c88e3a75448e0a6
SSDEEP

196608:um99OketQPvWprH5Kh5hz8xSAiYVfiknGeEKUC4ssRQI68aTdyIOK2riLex1mqX9:xkzm5hw46fxG7KN4IIKkK2LFEMp

Score

10^/10

Malware Config

Extracted

Family

quasar

Attributes

reconnect_delay
5000

Extracted

Family

lucastealer

https://api.telegram.org/bot5798214226:AAEtDAC9RFjL7TuqpdnFECmBJAay7aTl2tc

Targets

- Target
  
  Venom Cracked 2.7.0.0/AntiRE.Runtime.dll
- Size
  
  39KB
- MD5
  
  e87b398e82b117bb7899ddec8f83a2a1
- SHA1
  
  cf30467d1ff110998c38f572087c839d9bae3e67
- SHA256
  
  a480be8626153022278931e06ea8b01e7c6e8893ef640aeefff44a633daa874f
- SHA512
  
  0789b3c2a8f669a545e811c67dd96cb6a6c9b6557719557b6d0e51805f67a6548357134045aec83da5ad94c8f4b7d3df863df4314500c2fe7dcf1a68c869f2bc
- SSDEEP
  
  768:S+2sYDfg/pQlSa+klyVlKHubbBjlinHEhFDB93wEP:S+rYDfcpQoa+kAlKObdMk73R
Score

1^/10
behavioral1 behavioral2
- Target
  
  Venom Cracked 2.7.0.0/BouncyCastle.Crypto.dll
- Size
  
  2.5MB
- MD5
  
  f0b3e112ce4807a28e2b5d66a840ed7f
- SHA1
  
  54a6743781fd4ceb720331fce92f16186931192d
- SHA256
  
  333903c7d22a27098e45fc64b77a264aa220605cfbd3e329c200d7e4b42c881c
- SHA512
  
  dc8ec9754c5e86f7e54e75ff3e5859c1b057f90e9c41788037b944a5db2cb3b70060763d0efcbe55ec595bcc47a9c0ff847a4876821470ca1659c31afd5b0190
- SSDEEP
  
  49152:OSSJ+G1PjodumkjD6Oc0mqHZwueCtbu9kQN:6xodumo6Lr
Score

1^/10
behavioral3 behavioral4
- Target
  
  Venom Cracked 2.7.0.0/Builder.exe
- Size
  
  3.5MB
- MD5
  
  15a33df64cba23643fa9e4585c7b036f
- SHA1
  
  8f0f7b11935d97738af92ea14bc568fe8aa81350
- SHA256
  
  30fa591984d03b20f66ae6392d96c69d5861dbf1813c5230204310a93aea5c78
- SHA512
  
  8eb5221844147882019dae094979b4e43f17cb256c9f689c64b337a4f83ef8325e9d9d9cb948bf5a88beda2b71a1688b87af5fe318240a394d15a6be2d2adfe8
- SSDEEP
  
  98304:2WBZRr5nJ9NnqrcTOMSAdnLOOY6cy+XFjbpkiZ3k:2WBZR9n5ulMSmnaOLmXpbpLi
Score

10^/10

lucastealer spyware stealer
- Luca Stealer
  Info stealer written in Rust first seen in July 2022.
  stealer lucastealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral5 behavioral6
- Target
  
  Venom Cracked 2.7.0.0/Bunifu.Dataviz.WinForms.dll
- Size
  
  311KB
- MD5
  
  e86d9c511b4eec93f2049094aa3a780a
- SHA1
  
  1ae09730d95f0c9833502dd3c2a02edf0e423840
- SHA256
  
  d60260ac26ee79d4d52eca838362b8fe3f77b13748e6a8a9fb4b25b7f2740861
- SHA512
  
  be6b58b707d7b4865cce22b900313a8d3999ffc84ad1337ebbc97d9cdc57410e35213762d1e024e654bf3526bcbf458a725fc070e4069519e83da5cd1ed26e97
- SSDEEP
  
  6144:Vp15Nq153ZVW4yHd0mMaeY2wvGLlfI1WQ0hshRy+dL2dmZ76+VmJ:Vp1k3GdHz32IGLQE6Ry02dmZWLJ
Score

1^/10
behavioral7 behavioral8
- Target
  
  Venom Cracked 2.7.0.0/Bunifu.Licensing back.dll
- Size
  
  952KB
- MD5
  
  8836edb783ce89ca6481c297772325bc
- SHA1
  
  6968c977f594930543ec296ad00322e998129a6a
- SHA256
  
  cfa1993c3e7272b3aee610634592c26beaf8e573ac9d3c59695e35a5d2372b17
- SHA512
  
  34f07f52e43296e0b3e084857270a8375faf50e2b6cd9522a572efb90de38a3f27b9727861e0258149ed13bd96e114175c9d1d237b0ef97ad4fa53e119ce7f36
- SSDEEP
  
  12288:ZjeSIgE+K5HzlwsHTQwEKaAn9BRWTCbsIgbEpzre+TZjGAfR4J:Zjvs+K5HTJaAn9Bw+rgopWa/uJ
Score

1^/10
behavioral10 behavioral9
- Target
  
  Venom Cracked 2.7.0.0/Bunifu.Licensing.dll
- Size
  
  952KB
- MD5
  
  e1ac1fb368968bc2b93ad0dce092feae
- SHA1
  
  ebbe3e24c92e6f48851b8baa31d3652d922f14eb
- SHA256
  
  2b14b242e1f07081406b24a032fb4d29413e10b9f9760d1c3d06bdcec0615c94
- SHA512
  
  f8b299a97cf67f8526b31ab86191e147c74a05bb664eea00a032b93f695199a82652470e121040721491993ec621c64158bade0d623b2eac7fb59982ffa346df
- SSDEEP
  
  12288:yBCSIgE+K5HzlwsHTQwEKaAn9BRWTCbsIgbEpzre+TZjGAfggY:yBzs+K5HTJaAn9Bw+rgopWa/zY
Score

1^/10
behavioral11 behavioral12
- Target
  
  Venom Cracked 2.7.0.0/Bunifu.UI.WinForms.1.5.3.dll
- Size
  
  344KB
- MD5
  
  b4280d2898d92ab5c3911f0305d7672f
- SHA1
  
  0ef4d6fa24811cea3cb36fccbc45d71e1effb17d
- SHA256
  
  e2248459dcc95183d0f0c5f3abd3b0a2b93cd26cf8e130a1f43c8b32c58f4c8f
- SHA512
  
  2c719c32144ce2968123dc8e3a6f61f70460e463ba9b3681dc86e124af1343d08e574f7313339ecef4b88f95d2fd9ad56462f0f9e5f9f51ba5de6ba19559af2e
- SSDEEP
  
  6144:m6BxSPUIfFVoPH+GBhvPb8g2iYcHIc7RPqEev3djE5ydvmW:vxSsIfFieGjb8ncHFqEevNjE5ydvN
Score

1^/10
behavioral13 behavioral14
- Target
  
  Venom Cracked 2.7.0.0/Bunifu.UI.WinForms.BunifuButton.dll
- Size
  
  108KB
- MD5
  
  c6fd99c29c713a913cda9089d021087a
- SHA1
  
  93f52b386bc2d06b1f0853277a94223eca236a25
- SHA256
  
  bec319841448cbc594eb9cfa32e5af950ea81f5277c29a3b693884923b5c5de4
- SHA512
  
  d26c092614158e5193459c4f37e7a7aa3be1efe82d5299df08d4d9ffcaffdb19873c0382c2b9628cf28f15ba0f1b13264855e6c330689888f37d7f27b6d64483
- SSDEEP
  
  3072:boi6D+NfJoqK3E6f2ih0xdGzFpzUHgmvE9ZshCcU7P0tbSInIKm:k+NfJoqK3E6f2ih0xdGzFpzUHgmvEQC5
Score

1^/10
behavioral15 behavioral16
- Target
  
  Venom Cracked 2.7.0.0/Bunifu.UI.WinForms.BunifuCheckBox.dll
- Size
  
  103KB
- MD5
  
  e83283df782b2383376639b056922542
- SHA1
  
  545bcd3a7b254c97eebfa7c6d05ffc1b09b981d9
- SHA256
  
  1458e703cdad6ff2cff74530d77ce79523e35d3482e78a2fada154d576306324
- SHA512
  
  a3c2d534576dc6d0b996990e395827bc89758ecb27785d9fb1702d9e7c3a3352d2d0cdd3b6d13b12d79639baa4322a4cdbae69c7c3b638efa9c7ee7bb768d8df
- SSDEEP
  
  1536:VZfF2unQdWxsOQ8TmoeW9B6Ylw9oGMtWUNVLeOT+b:VZfF2uncWKVWbxlPDNVLeOE
Score

1^/10
behavioral17 behavioral18
- Target
  
  Venom Cracked 2.7.0.0/Bunifu.UI.WinForms.BunifuCircleProgress.dll
- Size
  
  78KB
- MD5
  
  81361e066dde2accef1a102884a0ebe4
- SHA1
  
  444d108877e23f60f30238e81dbc09f44d45769e
- SHA256
  
  0bd33cf4f96e1fc820ec8b5ffe2797ff3d62ad5edcbbeab73ce294b62e637e88
- SHA512
  
  d70fde9d6887c26e69bc337a5b672ab56dbf99a46204ab31abd260bd5ff5f6b586696dec91b5ff77b0a00ee9b984d4c8f0f7096b6738a82c24ddcd4302670f70
- SSDEEP
  
  768:jrgJets3KUQ2xWAo1frSBaq4Icbu431B5TlTWfWcyz6uQdKVIB+dZU6qnpnCizKD:f3OxLo12T45lTofo6u6BSFmC+a
Score

1^/10
behavioral19 behavioral20
- Target
  
  Venom Cracked 2.7.0.0/Bunifu.UI.WinForms.BunifuColorTransition.dll
- Size
  
  39KB
- MD5
  
  cc3889bccd5be70475764b1aaf9290c1
- SHA1
  
  2b1fc0429b380e4d1caca9f53cb1b1897af8f41e
- SHA256
  
  0ba45a3be176e38ec684ae91ee844d577d1feaae630201c5987c09f9430c7220
- SHA512
  
  1d68767c8f4781487d0de7db59fc90ff692fa72c70efc7595f0d2273a78074de545a75a55ac0f3a30f53ca529e00949d2d19dea87865b1db721002d72472dad7
- SSDEEP
  
  768:SmWv0qVnsF0iAzNIerqvUasM/3aFizKgqpt:Sm40qVsF5+6erqv/e+gt
Score

1^/10
behavioral21 behavioral22
- Target
  
  Venom Cracked 2.7.0.0/Bunifu.UI.WinForms.BunifuDataGridView.dll
- Size
  
  84KB
- MD5
  
  d1c227686371e173d2267f20a3c06b76
- SHA1
  
  5fb1138b17b22176e71b98dee5de19686552ca85
- SHA256
  
  2f6dd34fb90348521bd3431bc2f67453c56e26097bdaa794499785513e528a23
- SHA512
  
  fa8b7dc705780317edfce5d5d9a23129cfc439ee61b0fcacf88297286cfcafd3e67c76b07499c76961144b5ef629e7a0e207b17b2152c8251d5b493c14fe9d33
- SSDEEP
  
  1536:LhYl11QcPMwNOzrgVQNfW2V65H8n+FuT0Roy2w+Ti8F+T9:LCl1Cg6Wn5c+FkI8g
Score

1^/10
behavioral23 behavioral24
- Target
  
  Venom Cracked 2.7.0.0/Bunifu.UI.WinForms.BunifuDatePicker.dll
- Size
  
  51KB
- MD5
  
  fd0a9c7f21186bebc738e725d417edc7
- SHA1
  
  6e414f27a47307ca28f63d484d675564eb81e457
- SHA256
  
  3f135f7cd7631b2d5190df7a28d9f274d150d5da5e1ba430676740f8c9adce04
- SHA512
  
  c1ee20b431cd3b0bc659d38c7b858d60290b8c1c5886d19ad83d74d341423413bf9cc1a084cd075f63ccb86609058120891f11a95f1844c94ee2c08f29325636
- SSDEEP
  
  768:oQ+huajREGm36O8Fwyq/uAFeuRHONhlq9C2IE7W9YkDu129FQu0A0TxND3KtcQ0P:wEjz/AGkRGUXpGCy5+U
Score

1^/10
behavioral25 behavioral26
- Target
  
  Venom Cracked 2.7.0.0/Bunifu.UI.WinForms.BunifuDropdown.dll
- Size
  
  51KB
- MD5
  
  471a5a1a62aa63c7ff1c4a6e999264d7
- SHA1
  
  b25e34efee8df21b368aefa31b43ff0347465234
- SHA256
  
  0e1ebb9be3d341f94c8d0f053a352b28b0ac97c61be2222768b449732b290806
- SHA512
  
  2a936d249e244d7717d567ed80aaff04a0ae481ac11f4d0fe5512f872d325629fd9e30885cef07fa61763e0e66424a52afe7056218bea6a96e28f23d1b44091f
- SSDEEP
  
  768:ByuiR8j8e5ToRtNjCLVzv/8miWvkMFhJudnYizKgu:rroehoR/jcHYWvh4Y+U
Score

1^/10
behavioral27 behavioral28
- Target
  
  Venom Cracked 2.7.0.0/Bunifu.UI.WinForms.BunifuFormDock.dll
- Size
  
  103KB
- MD5
  
  d215dbed519c26bfc900758b0a7cf00b
- SHA1
  
  676c4ad890920246e0ea4a17e1f506b9df7ac4da
- SHA256
  
  417806116d0f2866beae7bf9c82d6c9facd2df6e9804e2e349e8b7ea4b158102
- SHA512
  
  69d15969d6861a526cb476b956a681aad91c66d9d5ffcf3cf56778bdacf831dd9586f9aa326d15448d67af404445812ddbb67e7f06a6562d3deef168cd3fc124
- SSDEEP
  
  3072:fPNi/TxTaLau8gqnZ9Px4f9G0rBHbrIdBvK9v:fPNi/TxQLBbrI3Sh
Score

1^/10
behavioral29 behavioral30
- Target
  
  Venom Cracked 2.7.0.0/Bunifu.UI.WinForms.BunifuGauge.dll
- Size
  
  75KB
- MD5
  
  37a23bd95513116840bdd004e5d0623a
- SHA1
  
  3fbe3837b74dc4daa6721b6c4699f75e6a40ba45
- SHA256
  
  8dff8f9329374d8f70305e4d11ff47346c9c04ab41fa402d19b3e3647752c5b1
- SHA512
  
  98d82d1b0938e8c86b7e46bcf1844754dcfff00b182987791b48b270094e67decb8681d4a1c67d15c175ee0cf34a5642b249132091c735967421fa5cdafdc54e
- SSDEEP
  
  768:uAjNqLyRFsQeJQCN6P3rytN/B3i7VV6DtSOIDjhUlpnkumjriCR7SsadY69SGFHy:zngGWAkXlTLCdA6wkgnMrsYnS+R
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

T1053

Persistence

Scheduled Task

T1053

Privilege Escalation

Scheduled Task

T1053

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Luca Stealer

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Looks up external IP address via web service

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32