lucastealer | 85edef24a66c5400325643150da1de646996947cbff6f3fada987867a70655d6

Resubmissions

14-10-2023 23:00

231014-2y4mkscd2y 10

14-10-2023 22:58

231014-2xw64seb43 10

14-10-2023 04:03

231014-emwfhaff5x 10

Analysis

max time kernel
38s
max time network
19s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
14-10-2023 23:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

85edef24a66c5400325643150da1de646996947cbff6f3fada987867a70655d6_JC.exe
Size

2.8MB
MD5

723a599e70812b9aa02beb8ba5ecd258
SHA1

25b72aa419fca1ecb094e65215fbc34bcf3566c8
SHA256

85edef24a66c5400325643150da1de646996947cbff6f3fada987867a70655d6
SHA512

d73768a8f43d4707fdf6e329d0a58bd15b144916db6509b48ccde0ac075bdccdade1cca369c0123a1e1edd9f7b71be5d893462875685ddf8347014ce48b59c10
SSDEEP

49152:jCfDVSuEDBxOGNDHw3eO/t578Or4loBkGIEQoPYk41Rwr/WRnqmU0wYF:eb0fZC3eO/t3r4loB2oPewzWqT0wYF

Score

10^/10

lucastealer stealer

Malware Config

Extracted

Family

lucastealer

https://api.telegram.org/bot6144496200:AAG-IIb4TPBPT1INBnZWa7iLZBVaG67I2mE

Signatures

Luca Stealer
Info stealer written in Rust first seen in July 2022.
stealer lucastealer

Luca Stealer payload 3 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2420-2-0x0000000140000000-0x00000001406EB000-memory.dmp	family_lucastealer
behavioral1/memory/2420-6-0x0000000140000000-0x00000001406EB000-memory.dmp	family_lucastealer
behavioral1/memory/2420-10-0x0000000140000000-0x00000001406EB000-memory.dmp	family_lucastealer

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

Processes:

85edef24a66c5400325643150da1de646996947cbff6f3fada987867a70655d6_JC.exe

pid	process
2420	85edef24a66c5400325643150da1de646996947cbff6f3fada987867a70655d6_JC.exe
2420	85edef24a66c5400325643150da1de646996947cbff6f3fada987867a70655d6_JC.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

85edef24a66c5400325643150da1de646996947cbff6f3fada987867a70655d6_JC.exe

pid process

2420 85edef24a66c5400325643150da1de646996947cbff6f3fada987867a70655d6_JC.exe

C:\Users\Admin\AppData\Local\Temp\85edef24a66c5400325643150da1de646996947cbff6f3fada987867a70655d6_JC.exe
"C:\Users\Admin\AppData\Local\Temp\85edef24a66c5400325643150da1de646996947cbff6f3fada987867a70655d6_JC.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
PID:2420

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2420-3-0x0000000077E40000-0x0000000077E42000-memory.dmp

Filesize
8KB

Download
memory/2420-2-0x0000000140000000-0x00000001406EB000-memory.dmp

Filesize
6.9MB

Download
memory/2420-0-0x0000000077E40000-0x0000000077E42000-memory.dmp

Filesize
8KB

Download
memory/2420-5-0x0000000077E40000-0x0000000077E42000-memory.dmp

Filesize
8KB

Download
memory/2420-6-0x0000000140000000-0x00000001406EB000-memory.dmp

Filesize
6.9MB

Download
memory/2420-10-0x0000000140000000-0x00000001406EB000-memory.dmp

Filesize
6.9MB

Download