lucastealer | ee63e26e84d8092fda9e527f7db34777b6261d8dfc96ed42167383f88cf1c487 | Triage

Submit
Reports

Overview

overview

Static

static

ACNBZD.exe

windows10-1703-x64

ACNBZD.exe

windows10-2004-x64

Sharing

General

Target

ACNBZD.exe
Size

5.9MB
Sample

230823-2ncfcagb53
MD5

021079dc0918b9c7359e93e770678000
SHA1

70c03da6f7b339340b1943f5d0b7b1fd87579adf
SHA256

ee63e26e84d8092fda9e527f7db34777b6261d8dfc96ed42167383f88cf1c487
SHA512

9bc14753e39f2c93737886439d64a458f08265d1d8176c233a8e3f864e1f4f2751b161aa22408618d0dd343fb88b7037c8c2eee898c6d9b3bf466aaea709c5b0
SSDEEP

49152:CYnF4XAvvLEDnAby0/1lzR+aJAyPfugmqNiEQG8+ECYoue5S58pzEIOh4xsPub7T:z7OryzzCJf0zBxMkeWg+O2

Score

10^/10

lucastealer evasion persistence stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

ACNBZD.exe

Resource

win10-20230703-en

lucastealer evasion persistence stealer

windows10-1703-x64

13 signatures

300 seconds

Behavioral task

behavioral2

Sample

ACNBZD.exe

Resource

win10v2004-20230703-en

lucastealer evasion persistence stealer

windows10-2004-x64

13 signatures

300 seconds

Malware Config

Extracted

Family

lucastealer

C2

https://api.telegram.org/bot6068798932:AAG_cHiqinDwNZ3Hd-rdp8tPwbT0czdVwTw

Targets

- Target
  
  ACNBZD.exe
- Size
  
  5.9MB
- MD5
  
  021079dc0918b9c7359e93e770678000
- SHA1
  
  70c03da6f7b339340b1943f5d0b7b1fd87579adf
- SHA256
  
  ee63e26e84d8092fda9e527f7db34777b6261d8dfc96ed42167383f88cf1c487
- SHA512
  
  9bc14753e39f2c93737886439d64a458f08265d1d8176c233a8e3f864e1f4f2751b161aa22408618d0dd343fb88b7037c8c2eee898c6d9b3bf466aaea709c5b0
- SSDEEP
  
  49152:CYnF4XAvvLEDnAby0/1lzR+aJAyPfugmqNiEQG8+ECYoue5S58pzEIOh4xsPub7T:z7OryzzCJf0zBxMkeWg+O2
Score

10^/10

lucastealer evasion persistence stealer
- Luca Stealer
  Info stealer written in Rust first seen in July 2022.
  stealer lucastealer
- Luca Stealer payload
- Modifies WinLogon for persistence
  persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Modifies Installed Components in the registry
  persistence
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lucastealerevasionpersistencestealer

behavioral2

lucastealerevasionpersistencestealer

© 2018-2024

Terms | Privacy