General
-
Target
NEAS.13d37451cb332802b88bd5684f8a9f90.exe
-
Size
4.6MB
-
Sample
231022-e2zfpsfa72
-
MD5
13d37451cb332802b88bd5684f8a9f90
-
SHA1
19c367dca209aff91e39aaedaa021e0c957502d0
-
SHA256
d881663244daab00c57fb1715aef3ce183da334236670ea520bbf0fd198a4b3d
-
SHA512
e38eadd8628cc6d6d8e0ef8538635328ec8d62292b1672fbc8a18c974fc1393879102746006ef5a13f1e52bbe4bf692e3111f54110427e4805e7a231b94c741a
-
SSDEEP
49152:CYhJZoQrbTFZY1ia/N8kHLlkMROX1lW68ZM5mmhD+SbilzCUWCLcMldpxruKihtB:zhtrbTA1OiWXLW6jRhdGVQguhhW31Z4
Static task
static1
Behavioral task
behavioral1
Sample
NEAS.13d37451cb332802b88bd5684f8a9f90.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
NEAS.13d37451cb332802b88bd5684f8a9f90.exe
Resource
win10v2004-20231020-en
Malware Config
Extracted
lucastealer
https://api.telegram.org/bot6068798932:AAG_cHiqinDwNZ3Hd-rdp8tPwbT0czdVwTw
Targets
-
-
Target
NEAS.13d37451cb332802b88bd5684f8a9f90.exe
-
Size
4.6MB
-
MD5
13d37451cb332802b88bd5684f8a9f90
-
SHA1
19c367dca209aff91e39aaedaa021e0c957502d0
-
SHA256
d881663244daab00c57fb1715aef3ce183da334236670ea520bbf0fd198a4b3d
-
SHA512
e38eadd8628cc6d6d8e0ef8538635328ec8d62292b1672fbc8a18c974fc1393879102746006ef5a13f1e52bbe4bf692e3111f54110427e4805e7a231b94c741a
-
SSDEEP
49152:CYhJZoQrbTFZY1ia/N8kHLlkMROX1lW68ZM5mmhD+SbilzCUWCLcMldpxruKihtB:zhtrbTA1OiWXLW6jRhdGVQguhhW31Z4
Score10/10-
Modifies WinLogon for persistence
-
Modifies visiblity of hidden/system files in Explorer
-
Modifies Installed Components in the registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Scheduled Task/Job
1