General

  • Target

    2024-11-15_09ecc9f2670ae3f57b62c491ddccee89_luca-stealer_magniber

  • Size

    5.7MB

  • Sample

    241115-pxbtysthqj

  • MD5

    09ecc9f2670ae3f57b62c491ddccee89

  • SHA1

    aef08c169e9a17b7a1a07a710a4c1ef834dbc548

  • SHA256

    c0321683336eff3967a4a4afd3ab713eb113d29b3425911ea3b9b8351870e35e

  • SHA512

    b1d19cffc742f7cbc921d3531fe9b19edcdcd434578b8cc9b9eb22d2500755da5e2bf0dd31469c6e195715dc875c1c510e2aa4b814d7a776155439194564e702

  • SSDEEP

    49152:/mlI9H9rY654KYroYJqkhWFUBlNwnFq3kXRsPI6BRY20YZAliDgFL2YmXZjU2P3q:kiH9MfT3NwMkKhBRr0yAk6qkKvs

Targets

    • Renames multiple (175) files with added filename extension

      This behaviour is consistent with ransomware encrypting files across the system.

    • Drops file in Drivers directory

    • Deletes itself

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser data, which can include saved credentials, cookies and session data.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
