lucastealer | 841f53fc09a19fc5edd5e18ef724432e14abadbd3aa040c248b2daeb84c98ab5

General

Target

xone.crack.rar
Size

1.7MB
Sample

240218-kvbzqagf35
MD5

2296fb98f59c1838a2d0be321d48d75a
SHA1

dfd35f27d572c07d55bef988dc2e039d47315f47
SHA256

841f53fc09a19fc5edd5e18ef724432e14abadbd3aa040c248b2daeb84c98ab5
SHA512

1bd577a3340281bed1c1cde6ee65eae31f11994e67fa7a594fecef6d31e36589ff495d46a8daff41ae15f185fbefd88c49d8042ca8ed0d536f4bd868bef8ebf6
SSDEEP

49152:UWm6d5sOY8JFCXBqKkcKdJKG900cMfx3J48HTWronskPZ:06rsECXmcysGGUfJ6QT1R

Score

10^/10

Malware Config

Targets

- Target
  
  xone.crack.rar
- Size
  
  1.7MB
- MD5
  
  2296fb98f59c1838a2d0be321d48d75a
- SHA1
  
  dfd35f27d572c07d55bef988dc2e039d47315f47
- SHA256
  
  841f53fc09a19fc5edd5e18ef724432e14abadbd3aa040c248b2daeb84c98ab5
- SHA512
  
  1bd577a3340281bed1c1cde6ee65eae31f11994e67fa7a594fecef6d31e36589ff495d46a8daff41ae15f185fbefd88c49d8042ca8ed0d536f4bd868bef8ebf6
- SSDEEP
  
  49152:UWm6d5sOY8JFCXBqKkcKdJKG900cMfx3J48HTWronskPZ:06rsECXmcysGGUfJ6QT1R
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2
- Target
  
  injectorPH.dll
- Size
  
  1KB
- MD5
  
  8a1a2b80eb699d9471a43537d1525155
- SHA1
  
  ae010b78d87a144fe09a9d4b539dffd65268413c
- SHA256
  
  285c18b00d948c910f25704f4651154fc14b9a45d97467c311bb2ff0080d03b9
- SHA512
  
  2d028f2e35af4f93a73c07013360164d87ac0673fb0c4f1e004b15d375b930c1763d9f7a5b211fa3997ebf80c2885429beb4ef1c4ee7b56e3712e21869bd1bb3
Score

1^/10
behavioral3 behavioral4
- Target
  
  timesubscription 365.c
- Size
  
  5KB
- MD5
  
  58e41fe321da39e3060357e16acca2e0
- SHA1
  
  fc0281f0332f9a9a17eb241f51c84ad872b2f71a
- SHA256
  
  4ac0ef00b7021810d4b278b7224ee0b4af55c42f1f8c77d468d84ef5070e3804
- SHA512
  
  3633f7ecb7eeb72c60f5f33d367c41fed40deabbcc720d9cf212b5e11f1efa416f7e2dae3662b3589451ae8437a5888fecfc035423c094b2e88f6751c35a3dfd
- SSDEEP
  
  96:snn0dWKYG50EsnRG5rtIJ5+g/ipxFqVNxPOqh6af71Hlf3I4:gnvpk0rnRG1tIJb4xFCxP+afjQ4
Score

3^/10
behavioral5 behavioral6
- Target
  
  xone.crack.exe
- Size
  
  4.3MB
- MD5
  
  d8ce4ef56ff10aa1a9625d76509993bc
- SHA1
  
  a032f36290695d1f8f744d188d025993d62b1dab
- SHA256
  
  ab714198bd03a5b9577fe4f974f08eb8bc4d63de51ace8964f2dbc279c1c2f86
- SHA512
  
  84f2f1e205f90b2c48304481f300c7dd171a59f9f2fdbae00279578aae2164e0db162c78d75024779064728f47e98de49a67a9d6b5b14e80f1d650b8c11d9e83
- SSDEEP
  
  49152:XJzG4XQxvHUmPbLHzDJLwvGEzgFuDOkWHYgEETBLunBwHAN5CHhCwoqmDuxZs8Dz:RkvHUmv1+Ge0Yh4voqmDu0WxcyRZmH
Score

10^/10

lucastealer spyware stealer
- Luca Stealer
  Info stealer written in Rust first seen in July 2022.
  stealer lucastealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral7 behavioral8