General

Target: 2024-11-08_584e2fa81238e7454e95d64671b2413f_luca-stealer_magniber_revil
Size: 31.6MB
Sample: 241108-bws5yssclp
MD5: 584e2fa81238e7454e95d64671b2413f
SHA1: cc1984cd1c3e0bc8b02f9734a7becae7cd091e15
SHA256: 93f24bfe76a43936c58678a02bb4a87e6a7ac65049b0c7b4c7626df651015198
SHA512: 74527de89b6245acb4ae403539f8216614a65bf41fd6861b6f809db7cef72fb2f1d9f9db99aa0c0164f79d068dfab49d014584badbdc99bd27ff28f5b0d9b443
SSDEEP: 786432:HUZpzQ8Zv2ILBqrsz/WyqqsmsYwL8XFE:sLZv2ILBH/7qpzA
Static task: static1

Behavioral task: behavioral1
Sample: 2024-11-08_584e2fa81238e7454e95d64671b2413f_luca-stealer_magniber_revil.exe
Resource: win7-20241023-en

Behavioral task: behavioral2
Sample: 2024-11-08_584e2fa81238e7454e95d64671b2413f_luca-stealer_magniber_revil.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: 2024-11-08_584e2fa81238e7454e95d64671b2413f_luca-stealer_magniber_revil
Score: 8/10
Command and Scripting Interpreter: PowerShell
    Run PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
Downloads MZ/PE file
Checks computer location settings
    Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Accesses Microsoft Outlook accounts
Accesses Microsoft Outlook profiles
Checks installed software on the system
    Looks up Uninstall key entries in the registry to enumerate software on the system.
Enumerates connected drives
    Attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15

Defense Evasion
    Modify Registry (1)
    Subvert Trust Controls (1)
        Install Root Certificate (1)
Credential Access
    Credentials from Password Stores (1)
        Credentials from Web Browsers (1)
    Unsecured Credentials (2)
        Credentials In Files (1)
        Credentials in Registry (1)