General

  • Target

    Venom Cracked 2.7.0.0.rar

  • Size

    14.0MB

  • Sample

    230420-ytf4yaea7x

  • MD5

    6682ae10c0df530894b8be8645024bfb

  • SHA1

    5e9873e0b285f94d7c362f644aa7cd31bdce77e6

  • SHA256

    871d31c0afc5cc10080d680ee474590b85d903c7f4ef0e2d1da30ce41b39ba4c

  • SHA512

    5af8d84274cea7243e972632f94e7c8d6df215af2614002864e61bfd2b33c33ed2f8b74ce66e58254ff25e194c30d03773b2c12f8fcb78822c88e3a75448e0a6

  • SSDEEP

    196608:um99OketQPvWprH5Kh5hz8xSAiYVfiknGeEKUC4ssRQI68aTdyIOK2riLex1mqX9:xkzm5hw46fxG7KN4IIKkK2LFEMp

Malware Config

Extracted

  • Family

    lucastealer

  • C2

    https://api.telegram.org/bot5798214226:AAEtDAC9RFjL7TuqpdnFECmBJAay7aTl2tc

Targets

    • Target

      Venom Cracked 2.7.0.0.rar


    • Luca Stealer

      Info stealer written in Rust first seen in July 2022.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix ATT&CK v6

  • Execution

    Scheduled Task (T1053): 1

  • Persistence

    Scheduled Task (T1053): 1

  • Privilege Escalation

    Scheduled Task (T1053): 1

  • Defense Evasion

    Modify Registry (T1112): 1

  • Credential Access

    Credentials in Files (T1081): 2

  • Discovery

    Query Registry (T1012): 3
    System Information Discovery (T1082): 3
    Peripheral Device Discovery (T1120): 1

  • Collection

    Data from Local System (T1005): 2

Tasks