lucastealer | 88861277bd4781714d1b18b762a3323c3395da2eb5b0afa5ebf07253020f2482 | Triage

Sharing

General

Target

803a5924f2a740903ad7878426750440_NeikiAnalytics
Size

4.8MB
Sample

240510-gan7rsdh31
MD5

803a5924f2a740903ad7878426750440
SHA1

147060843a83ee2a8ee813b4a25c64e894f14e71
SHA256

88861277bd4781714d1b18b762a3323c3395da2eb5b0afa5ebf07253020f2482
SHA512

055bd00d049c26fdb11d660bb7bed5967d478366025e5f9931c60fea16517811acf5fa22cf73fb4a5826b712a792c7f2fd604d21704b0a1d26786c9203f67dbf
SSDEEP

98304:zdItrbTA1mYcXLW6jRhdGVQguhhW31ZK7nh:zwc1j0L5LdGVzu+lah

Score

10^/10

lucastealer evasion execution persistence stealer

Malware Config

Extracted

Family

lucastealer

C2

https://api.telegram.org/bot6068798932:AAG_cHiqinDwNZ3Hd-rdp8tPwbT0czdVwTw

Targets

- Target
  
  803a5924f2a740903ad7878426750440_NeikiAnalytics
- Size
  
  4.8MB
- MD5
  
  803a5924f2a740903ad7878426750440
- SHA1
  
  147060843a83ee2a8ee813b4a25c64e894f14e71
- SHA256
  
  88861277bd4781714d1b18b762a3323c3395da2eb5b0afa5ebf07253020f2482
- SHA512
  
  055bd00d049c26fdb11d660bb7bed5967d478366025e5f9931c60fea16517811acf5fa22cf73fb4a5826b712a792c7f2fd604d21704b0a1d26786c9203f67dbf
- SSDEEP
  
  98304:zdItrbTA1mYcXLW6jRhdGVQguhhW31ZK7nh:zwc1j0L5LdGVzu+lah
Score

10^/10

lucastealer evasion execution persistence stealer
- Luca Stealer
  Info stealer written in Rust first seen in July 2022.
  stealer lucastealer
- Modifies WinLogon for persistence
  persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Modifies Installed Components in the registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lucastealerevasionexecutionpersistencestealer

behavioral2

lucastealerevasionexecutionpersistencestealer