General
-
Target
6b0956eb828c9de80de6e4144e904ae0_NeikiAnalytics.exe
-
Size
8.7MB
-
Sample
240530-2gzbjada88
-
MD5
6b0956eb828c9de80de6e4144e904ae0
-
SHA1
03099bf11297cdc15badd3dc651c273302e80807
-
SHA256
82bda718a2a0809e9ced3caf31de70eb187447ccf49e7d2d282bd72b5f9c1676
-
SHA512
6de681405d76a368593e6fb606f531301767b02f47033d7de4a45aac28ce6eb3e49f91e3aebc8fd2d5d2fc74c916d1b7f9e2f5709e13120b796d7e297cf67908
-
SSDEEP
196608:Lc1z3ltL5LdGVzu+lKc1z3ltL5LdGVzu+lw:L05LdGVzBo05LdGVzBa
Malware Config
Extracted
lucastealer
https://api.telegram.org/bot6068798932:AAG_cHiqinDwNZ3Hd-rdp8tPwbT0czdVwTw
Targets
-
-
Target
6b0956eb828c9de80de6e4144e904ae0_NeikiAnalytics.exe
-
Size
8.7MB
-
MD5
6b0956eb828c9de80de6e4144e904ae0
-
SHA1
03099bf11297cdc15badd3dc651c273302e80807
-
SHA256
82bda718a2a0809e9ced3caf31de70eb187447ccf49e7d2d282bd72b5f9c1676
-
SHA512
6de681405d76a368593e6fb606f531301767b02f47033d7de4a45aac28ce6eb3e49f91e3aebc8fd2d5d2fc74c916d1b7f9e2f5709e13120b796d7e297cf67908
-
SSDEEP
196608:Lc1z3ltL5LdGVzu+lKc1z3ltL5LdGVzu+lw:L05LdGVzBo05LdGVzBa
Score10/10-
Luca Stealer
Info stealer written in Rust first seen in July 2022.
-
Modifies WinLogon for persistence
-
Modifies visiblity of hidden/system files in Explorer
-
Modifies Installed Components in the registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Scheduled Task/Job
1