General
-
Target
2024-12-16_eb3d9d71d30c29ccc0c88adb022f1f7a_luca-stealer_magniber_revil
-
Size
42.8MB
-
Sample
241216-s8hnesvnbq
-
MD5
eb3d9d71d30c29ccc0c88adb022f1f7a
-
SHA1
134c269c27416bad3cf7af8a5289616348f66366
-
SHA256
732b4874ac1a1d4326fc1d71d16910fce2835ceb87e76ad4ef2e40b1e948a6cc
-
SHA512
eca3276e8cf3287770eeb3cdbe9e2d6a28dfeb11408ce12e395ab99915dd2deeffe864071e4a2d8e3e7b275ffaea1c4da78e08b4dfb169b88c04d53d7d9a8f7e
-
SSDEEP
786432:HIOK9MrmgNNKBYjUMojDqpPBm1I+yuCUegHOdUXedH0:c6mgNNKqjMfsZECUhRA
Malware Config
Targets
-
-
Target
2024-12-16_eb3d9d71d30c29ccc0c88adb022f1f7a_luca-stealer_magniber_revil
-
Size
42.8MB
-
MD5
eb3d9d71d30c29ccc0c88adb022f1f7a
-
SHA1
134c269c27416bad3cf7af8a5289616348f66366
-
SHA256
732b4874ac1a1d4326fc1d71d16910fce2835ceb87e76ad4ef2e40b1e948a6cc
-
SHA512
eca3276e8cf3287770eeb3cdbe9e2d6a28dfeb11408ce12e395ab99915dd2deeffe864071e4a2d8e3e7b275ffaea1c4da78e08b4dfb169b88c04d53d7d9a8f7e
-
SSDEEP
786432:HIOK9MrmgNNKBYjUMojDqpPBm1I+yuCUegHOdUXedH0:c6mgNNKqjMfsZECUhRA
Score10/10-
NetSupport
NetSupport is a remote access tool sold as a legitimate system administration software.
-
Netsupport family
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-