General
Target: BLTools_v2.9__PRO_.zip
Size: 9.9MB
Sample: 241110-23f23swpft
MD5: 8586f2582de2dac652004ce8818a7741
SHA1: 6c940e8dbe7ddfd23ea0efb79087728651d1aa9f
SHA256: c838c451a5edbc8ab8bd38a3d8d37623e97fa2f109d60bb7fe7b91d80279dbb5
SHA512: ce7cefe5c485316f94ba9034df5839cbaf71f1013b9e78ef313c70427bae9245849a2aa9df05dfd38c47b8719ad00aca5b8f9ce0e8a6d3c7e874b56d003b5e33
SSDEEP: 196608:7Zkf5xM9FU495KnWXeWYGLq2uFn440rzX5ub18l3V2aC2/5K5ZD7Reu7ZvTvwqVn:lxvnuWLqR440/pCQ3k4w5Z9ZvzwOSsm2
Behavioral task behavioral1
Sample: BLTools_v2.9__PRO_.zip
Resource: win7-20240903-en

Behavioral task behavioral2
Sample: BLTools_v2.9__PRO_.zip
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: BLTools_v2.9__PRO_.zip (hashes as listed under General above)
Signatures
- Lucastealer family
- Executes dropped EXE
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files: steals credentials from unsecured files.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger