lucastealer | 5c716264acfa43a258fdb03007e2e787b230230e7e1d4d5bbcf256810b02909e | Triage

Sharing

General

Target

5c716264acfa43a258fdb03007e2e787b230230e7e1d4d5bbcf256810b02909e
Size

4.6MB
Sample

231120-jxyqtsee89
MD5

4fb226993825558cca2e8aa844033078
SHA1

f3fa3d94a7a01970a99f9dcf5fad250be30b8fd2
SHA256

5c716264acfa43a258fdb03007e2e787b230230e7e1d4d5bbcf256810b02909e
SHA512

c5ab520f0953ed53e682d811b6d51be11c4e831fa890913d1d2eb7ed03e2102c882f933f48bf8831b8ca5a605da7a98a6524b5a5cb6de1fd9d16351a2b53a2f8
SSDEEP

98304:utrbTA143lUrmaEXLW6jRhdGVQguhhW31Zo:Qc14IML5LdGVzu+la

Score

10^/10

lucastealer evasion persistence stealer

Malware Config

Extracted

Family

lucastealer

C2

https://api.telegram.org/bot6068798932:AAG_cHiqinDwNZ3Hd-rdp8tPwbT0czdVwTw

Targets

- Target
  
  5c716264acfa43a258fdb03007e2e787b230230e7e1d4d5bbcf256810b02909e
- Size
  
  4.6MB
- MD5
  
  4fb226993825558cca2e8aa844033078
- SHA1
  
  f3fa3d94a7a01970a99f9dcf5fad250be30b8fd2
- SHA256
  
  5c716264acfa43a258fdb03007e2e787b230230e7e1d4d5bbcf256810b02909e
- SHA512
  
  c5ab520f0953ed53e682d811b6d51be11c4e831fa890913d1d2eb7ed03e2102c882f933f48bf8831b8ca5a605da7a98a6524b5a5cb6de1fd9d16351a2b53a2f8
- SSDEEP
  
  98304:utrbTA143lUrmaEXLW6jRhdGVQguhhW31Zo:Qc14IML5LdGVzu+la
Score

10^/10

lucastealer evasion persistence stealer
- Luca Stealer
  Info stealer written in Rust first seen in July 2022.
  stealer lucastealer
- Modifies WinLogon for persistence
  persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Modifies Installed Components in the registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Scheduled Task/Job

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

lucastealerevasionpersistencestealer

behavioral2

lucastealerevasionpersistencestealer