Resubmissions

22-10-2023 04:26

231022-e2zfpsfa72 10

21-10-2023 21:13

231021-z27gjacf54 10

General

  • Target

    NEAS.13d37451cb332802b88bd5684f8a9f90.exe

  • Size

    4.6MB

  • Sample

    231022-e2zfpsfa72

  • MD5

    13d37451cb332802b88bd5684f8a9f90

  • SHA1

    19c367dca209aff91e39aaedaa021e0c957502d0

  • SHA256

    d881663244daab00c57fb1715aef3ce183da334236670ea520bbf0fd198a4b3d

  • SHA512

    e38eadd8628cc6d6d8e0ef8538635328ec8d62292b1672fbc8a18c974fc1393879102746006ef5a13f1e52bbe4bf692e3111f54110427e4805e7a231b94c741a

  • SSDEEP

    49152:CYhJZoQrbTFZY1ia/N8kHLlkMROX1lW68ZM5mmhD+SbilzCUWCLcMldpxruKihtB:zhtrbTA1OiWXLW6jRhdGVQguhhW31Z4

Malware Config

Extracted

Family

lucastealer

C2

https://api.telegram.org/bot6068798932:AAG_cHiqinDwNZ3Hd-rdp8tPwbT0czdVwTw

Targets

    • Target

      NEAS.13d37451cb332802b88bd5684f8a9f90.exe

    • Size

      4.6MB

    • MD5

      13d37451cb332802b88bd5684f8a9f90

    • SHA1

      19c367dca209aff91e39aaedaa021e0c957502d0

    • SHA256

      d881663244daab00c57fb1715aef3ce183da334236670ea520bbf0fd198a4b3d

    • SHA512

      e38eadd8628cc6d6d8e0ef8538635328ec8d62292b1672fbc8a18c974fc1393879102746006ef5a13f1e52bbe4bf692e3111f54110427e4805e7a231b94c741a

    • SSDEEP

      49152:CYhJZoQrbTFZY1ia/N8kHLlkMROX1lW68ZM5mmhD+SbilzCUWCLcMldpxruKihtB:zhtrbTA1OiWXLW6jRhdGVQguhhW31Z4

    • Luca Stealer

      Info stealer written in Rust first seen in July 2022.

    • Modifies WinLogon for persistence

    • Modifies visiblity of hidden/system files in Explorer

    • Modifies Installed Components in the registry

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

MITRE ATT&CK Enterprise v15

Tasks