lucastealer | 841f53fc09a19fc5edd5e18ef724432e14abadbd3aa040c248b2daeb84c98ab5 | Triage

Sharing

General

Target

xone.crack.rar
Size

1.7MB
Sample

240218-kvbzqagf35
MD5

2296fb98f59c1838a2d0be321d48d75a
SHA1

dfd35f27d572c07d55bef988dc2e039d47315f47
SHA256

841f53fc09a19fc5edd5e18ef724432e14abadbd3aa040c248b2daeb84c98ab5
SHA512

1bd577a3340281bed1c1cde6ee65eae31f11994e67fa7a594fecef6d31e36589ff495d46a8daff41ae15f185fbefd88c49d8042ca8ed0d536f4bd868bef8ebf6
SSDEEP

49152:UWm6d5sOY8JFCXBqKkcKdJKG900cMfx3J48HTWronskPZ:06rsECXmcysGGUfJ6QT1R

Score

10^/10

lucastealer spyware stealer

Malware Config

Targets

- Target
  
  xone.crack.rar
- Size
  
  1.7MB
- MD5
  
  2296fb98f59c1838a2d0be321d48d75a
- SHA1
  
  dfd35f27d572c07d55bef988dc2e039d47315f47
- SHA256
  
  841f53fc09a19fc5edd5e18ef724432e14abadbd3aa040c248b2daeb84c98ab5
- SHA512
  
  1bd577a3340281bed1c1cde6ee65eae31f11994e67fa7a594fecef6d31e36589ff495d46a8daff41ae15f185fbefd88c49d8042ca8ed0d536f4bd868bef8ebf6
- SSDEEP
  
  49152:UWm6d5sOY8JFCXBqKkcKdJKG900cMfx3J48HTWronskPZ:06rsECXmcysGGUfJ6QT1R
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2
- Target
  
  injectorPH.dll
- Size
  
  1KB
- MD5
  
  8a1a2b80eb699d9471a43537d1525155
- SHA1
  
  ae010b78d87a144fe09a9d4b539dffd65268413c
- SHA256
  
  285c18b00d948c910f25704f4651154fc14b9a45d97467c311bb2ff0080d03b9
- SHA512
  
  2d028f2e35af4f93a73c07013360164d87ac0673fb0c4f1e004b15d375b930c1763d9f7a5b211fa3997ebf80c2885429beb4ef1c4ee7b56e3712e21869bd1bb3
Score

1^/10
behavioral3 behavioral4
- Target
  
  timesubscription 365.c
- Size
  
  5KB
- MD5
  
  58e41fe321da39e3060357e16acca2e0
- SHA1
  
  fc0281f0332f9a9a17eb241f51c84ad872b2f71a
- SHA256
  
  4ac0ef00b7021810d4b278b7224ee0b4af55c42f1f8c77d468d84ef5070e3804
- SHA512
  
  3633f7ecb7eeb72c60f5f33d367c41fed40deabbcc720d9cf212b5e11f1efa416f7e2dae3662b3589451ae8437a5888fecfc035423c094b2e88f6751c35a3dfd
- SSDEEP
  
  96:snn0dWKYG50EsnRG5rtIJ5+g/ipxFqVNxPOqh6af71Hlf3I4:gnvpk0rnRG1tIJb4xFCxP+afjQ4
Score

3^/10
behavioral5 behavioral6
- Target
  
  xone.crack.exe
- Size
  
  4.3MB
- MD5
  
  d8ce4ef56ff10aa1a9625d76509993bc
- SHA1
  
  a032f36290695d1f8f744d188d025993d62b1dab
- SHA256
  
  ab714198bd03a5b9577fe4f974f08eb8bc4d63de51ace8964f2dbc279c1c2f86
- SHA512
  
  84f2f1e205f90b2c48304481f300c7dd171a59f9f2fdbae00279578aae2164e0db162c78d75024779064728f47e98de49a67a9d6b5b14e80f1d650b8c11d9e83
- SSDEEP
  
  49152:XJzG4XQxvHUmPbLHzDJLwvGEzgFuDOkWHYgEETBLunBwHAN5CHhCwoqmDuxZs8Dz:RkvHUmv1+Ge0Yh4voqmDu0WxcyRZmH
Score

10^/10

lucastealer spyware stealer
- Luca Stealer
  Info stealer written in Rust first seen in July 2022.
  stealer lucastealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral7 behavioral8

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

lucastealerspywarestealer