Extracted

• • Target

    2024-11-23_9e28725a40faab491e96a80d5c258c31_inc_luca-stealer

  • Size

    142KB

  • MD5

    9e28725a40faab491e96a80d5c258c31

  • SHA1

    2cc8ca797c6c731f0266a27176d71697e097824b

  • SHA256

    0e3f849e351cea99f9979889fc4d3700c710573a215805329eb097c533d87c3e

  • SHA512

    5448cdb27bc354091bb25a5cb3d17e71cad8ec2825069b177b3cddec8887e6118dc614eed41c24f948bd39751903f79e66939ae3081f175355cc2bb0d054ec29

  • SSDEEP

    3072:uA5ohBykv/QGvx4TOPu5XH4KoUu2JsaO0xiQhzNHaGVV:DojR/QY4CP434KrtOiJHFVV

  Score

  10^/10

  inc_ransomdiscoveryransomwarecredential_accessstealer

  • INC Ransomware

    INC Ransom is a ransomware that emerged in July 2023.

    ransomwareinc_ransom

  • Inc_ransom family

    inc_ransom

  • Renames multiple (353) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Credentials from Password Stores: Windows Credential Manager

    Suspicious access to Credentials History.

    credential_accessstealer

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory

  • Sets desktop wallpaper using registry

    ransomware
  behavioral1behavioral2