lucastealer | 3ab76dfb6466fd93828ad15cf0b8b07f2af35afcf80cdfa61d13020c99cab4be | Triage

Submit
Reports

Overview

overview

Static

static

5

3ab76dfb64...be.exe

windows7-x64

3ab76dfb64...be.exe

windows10-2004-x64

Sharing

General

Target

3ab76dfb6466fd93828ad15cf0b8b07f2af35afcf80cdfa61d13020c99cab4be
Size

4.5MB
Sample

240515-zwl9eacb62
MD5

c1b3ef385e1c4d20e8dc59c7a629192a
SHA1

5d4d1e43ed56f67967e7f7861e26e11d3f80db8c
SHA256

3ab76dfb6466fd93828ad15cf0b8b07f2af35afcf80cdfa61d13020c99cab4be
SHA512

e8f818da69a16c2f6577d62261a5d8e29f3a4c93c5cfd7eb8c18e0c2fa1bacd87ce35050d3f96d1bbf6b518fc63b77248399495399f998cd9a03a99fd312330f
SSDEEP

49152:CYWJZoQrbTFZY1iaZgI5ROX1lW68ZM5mmhD+SbilzCUWCLcMldpxruKihtKUoy+X:zWtrbTA1SXLW6jRhdGVQguhhW31Z+unP

Score

10^/10

lucastealer evasion persistence stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

3ab76dfb6466fd93828ad15cf0b8b07f2af35afcf80cdfa61d13020c99cab4be.exe

Resource

win7-20240221-en

lucastealer evasion persistence stealer

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

3ab76dfb6466fd93828ad15cf0b8b07f2af35afcf80cdfa61d13020c99cab4be.exe

Resource

win10v2004-20240508-en

lucastealer evasion persistence stealer

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Extracted

Family

lucastealer

C2

https://api.telegram.org/bot6068798932:AAG_cHiqinDwNZ3Hd-rdp8tPwbT0czdVwTw

Targets

- Target
  
  3ab76dfb6466fd93828ad15cf0b8b07f2af35afcf80cdfa61d13020c99cab4be
- Size
  
  4.5MB
- MD5
  
  c1b3ef385e1c4d20e8dc59c7a629192a
- SHA1
  
  5d4d1e43ed56f67967e7f7861e26e11d3f80db8c
- SHA256
  
  3ab76dfb6466fd93828ad15cf0b8b07f2af35afcf80cdfa61d13020c99cab4be
- SHA512
  
  e8f818da69a16c2f6577d62261a5d8e29f3a4c93c5cfd7eb8c18e0c2fa1bacd87ce35050d3f96d1bbf6b518fc63b77248399495399f998cd9a03a99fd312330f
- SSDEEP
  
  49152:CYWJZoQrbTFZY1iaZgI5ROX1lW68ZM5mmhD+SbilzCUWCLcMldpxruKihtKUoy+X:zWtrbTA1SXLW6jRhdGVQguhhW31Z+unP
Score

10^/10

lucastealer evasion persistence stealer
- Luca Stealer
  Info stealer written in Rust first seen in July 2022.
  stealer lucastealer
- Modifies WinLogon for persistence
  persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Detect binaries embedding considerable number of MFA browser extension IDs.
- Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.
- Detects executables using Telegram Chat Bot
- Modifies Installed Components in the registry
  persistence
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lucastealerevasionpersistencestealer

behavioral2

lucastealerevasionpersistencestealer

© 2018-2024

Terms | Privacy