lucastealer | 6a292b1db13521d69a235cad26fc3a1b440d914f34903ae6ec2629df85022fa9 | Triage

Submit
Reports

Overview

overview

Static

static

5

Generic Pa...64.exe

windows10-2004-x64

Sharing

General

Target

Generic Patch-Smeagol-TheRadziu-x64.exe
Size

4.5MB
Sample

230824-b8n2rsae7y
MD5

702f014a9a2fd33905fbcbcfd2ea7012
SHA1

39f9c29d3991209b36c0c857975c7a2d85980d4a
SHA256

6a292b1db13521d69a235cad26fc3a1b440d914f34903ae6ec2629df85022fa9
SHA512

b24cc67150b90aad0f85473ff1df892ce55570518313ddee559d9470c42076314d150e22727052b951fdf780b7e8f35326835cb6013a9ddcef6a3f93210d53e3
SSDEEP

98304:zgtrbTA1Y3C+Ni0iKD6vXLW6jRhdGVQguhhW31ZH:z2c1Yy8iDL5LdGVzu+lJ

Score

10^/10

lucastealer evasion persistence stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Generic Patch-Smeagol-TheRadziu-x64.exe

Resource

win10v2004-20230703-en

lucastealer evasion persistence stealer

windows10-2004-x64

19 signatures

300 seconds

Malware Config

Extracted

Family

lucastealer

C2

https://api.telegram.org/bot6068798932:AAG_cHiqinDwNZ3Hd-rdp8tPwbT0czdVwTw

Targets

- Target
  
  Generic Patch-Smeagol-TheRadziu-x64.exe
- Size
  
  4.5MB
- MD5
  
  702f014a9a2fd33905fbcbcfd2ea7012
- SHA1
  
  39f9c29d3991209b36c0c857975c7a2d85980d4a
- SHA256
  
  6a292b1db13521d69a235cad26fc3a1b440d914f34903ae6ec2629df85022fa9
- SHA512
  
  b24cc67150b90aad0f85473ff1df892ce55570518313ddee559d9470c42076314d150e22727052b951fdf780b7e8f35326835cb6013a9ddcef6a3f93210d53e3
- SSDEEP
  
  98304:zgtrbTA1Y3C+Ni0iKD6vXLW6jRhdGVQguhhW31ZH:z2c1Yy8iDL5LdGVzu+lJ
Score

10^/10

lucastealer evasion persistence stealer
- Luca Stealer
  Info stealer written in Rust first seen in July 2022.
  stealer lucastealer
- Luca Stealer payload
- Modifies WinLogon for persistence
  persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Modifies Installed Components in the registry
  persistence
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Scheduled Task/Job

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lucastealerevasionpersistencestealer

© 2018-2024

Terms | Privacy