Resubmissions
14-10-2023 23:00
231014-2y4mkscd2y 1014-10-2023 22:58
231014-2xw64seb43 1014-10-2023 04:03
231014-emwfhaff5x 10Analysis
-
max time kernel
38s -
max time network
19s -
platform
windows7_x64 -
resource
win7-20230831-en -
resource tags
arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system -
submitted
14-10-2023 23:00
Static task
static1
Behavioral task
behavioral1
Sample
85edef24a66c5400325643150da1de646996947cbff6f3fada987867a70655d6_JC.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
85edef24a66c5400325643150da1de646996947cbff6f3fada987867a70655d6_JC.exe
Resource
win10v2004-20230915-en
General
-
Target
85edef24a66c5400325643150da1de646996947cbff6f3fada987867a70655d6_JC.exe
-
Size
2.8MB
-
MD5
723a599e70812b9aa02beb8ba5ecd258
-
SHA1
25b72aa419fca1ecb094e65215fbc34bcf3566c8
-
SHA256
85edef24a66c5400325643150da1de646996947cbff6f3fada987867a70655d6
-
SHA512
d73768a8f43d4707fdf6e329d0a58bd15b144916db6509b48ccde0ac075bdccdade1cca369c0123a1e1edd9f7b71be5d893462875685ddf8347014ce48b59c10
-
SSDEEP
49152:jCfDVSuEDBxOGNDHw3eO/t578Or4loBkGIEQoPYk41Rwr/WRnqmU0wYF:eb0fZC3eO/t3r4loB2oPewzWqT0wYF
Malware Config
Extracted
lucastealer
https://api.telegram.org/bot6144496200:AAG-IIb4TPBPT1INBnZWa7iLZBVaG67I2mE
Signatures
-
Luca Stealer
Info stealer written in Rust first seen in July 2022.
-
Luca Stealer payload 3 IoCs
Processes:
resource yara_rule behavioral1/memory/2420-2-0x0000000140000000-0x00000001406EB000-memory.dmp family_lucastealer behavioral1/memory/2420-6-0x0000000140000000-0x00000001406EB000-memory.dmp family_lucastealer behavioral1/memory/2420-10-0x0000000140000000-0x00000001406EB000-memory.dmp family_lucastealer -
Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
Processes:
85edef24a66c5400325643150da1de646996947cbff6f3fada987867a70655d6_JC.exepid Process 2420 85edef24a66c5400325643150da1de646996947cbff6f3fada987867a70655d6_JC.exe 2420 85edef24a66c5400325643150da1de646996947cbff6f3fada987867a70655d6_JC.exe -
Suspicious behavior: EnumeratesProcesses 1 IoCs
Processes:
85edef24a66c5400325643150da1de646996947cbff6f3fada987867a70655d6_JC.exepid Process 2420 85edef24a66c5400325643150da1de646996947cbff6f3fada987867a70655d6_JC.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\85edef24a66c5400325643150da1de646996947cbff6f3fada987867a70655d6_JC.exe"C:\Users\Admin\AppData\Local\Temp\85edef24a66c5400325643150da1de646996947cbff6f3fada987867a70655d6_JC.exe"1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
PID:2420