Overview

overview

10

Static

static

7

t-(t/BLToo...O].exe

windows7-x64

7

t-(t/BLToo...O].exe

windows10-2004-x64

10

Resubmissions

09-11-2024 21:35

241109-1fk7vasgme 10

09-11-2024 21:32

241109-1dwkssvrbj 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    t-(t.zip

  • Size

    10.1MB

  • Sample

    241109-1dwkssvrbj

  • MD5

    a8ae0866553a3ce40f8e11cc6af47445

  • SHA1

    b21684104e7c435d3b4ff4385d404574fc314176

  • SHA256

    9cb690e7cebbc6bf80e2ad11a2013331a4908bbb88fd83012fe5e5c7df9cb511

  • SHA512

    601723a2a8459d6dcdcb23ecdee137938afea13a91009539538bf2c763807bc5ed9d56867f0214ab49a92b7cd128a96ebfa271e8b5097aaed5cfe250a400f1b1

  • SSDEEP

    196608:KvT+jIQTUEZ87/QdkgswrVLxQopKwnSfcLM6Yae8u+dE9WzPgSBLtO72:KvqHTZ8jSs6Vi/fcLvYaRFd908tO72

Score
10/10
lucastealercredential_accessspywarestealervmprotect

Malware Config

Targets

    • Target

      t-(t/BLTools v2.9 [PRO].exe

    • Size

      7.1MB

    • MD5

      bef86c9792f7f8bc658ca1d1bce63c60

    • SHA1

      d7d3fe3ae1e950cd4192d46a0bf6505ec3858689

    • SHA256

      2ebfc2838c33ff2fc3547369bf0e8bcdfe41c245ede9241602f44afbf7c3cfdb

    • SHA512

      6ec05fa9bd6ab5c8f1aaa323c81d9f8ae5905a9dba4c511a57c473f568fa551115442ac325547beaecb5c9813446689be37e0485a8fa78f03bf9e82386a93de7

    • SSDEEP

      98304:LinmCgeyQbyt5fTQ7lN7jGb5XQueha05FK7Km53t/VXCRjwsRMJnq2ISUMRlEGy:L0/UVQ7D+b56ha07K7KettcVFcIG

    Score
    10/10
    vmprotectlucastealercredential_accessspywarestealer

    • Luca Stealer

      Info stealer written in Rust first seen in July 2022.

      stealerlucastealer

    • Lucastealer family

      lucastealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks