Analysis
max time kernel: 92s
max time network: 144s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 27-12-2024 13:55

Static task: static1

Behavioral task: behavioral1
Sample: 7dbdb73c15410a9d439f49aa0cca0a65c9b5ff8660774892099effa546e943bd.exe
Resource: win7-20240729-en

Behavioral task: behavioral2
Sample: 7dbdb73c15410a9d439f49aa0cca0a65c9b5ff8660774892099effa546e943bd.exe
Resource: win10v2004-20241007-en

General
Target: 7dbdb73c15410a9d439f49aa0cca0a65c9b5ff8660774892099effa546e943bd.exe
Size: 22.2MB
MD5: 0ef0ffbd5cc0c2d10217688c017f3cc1
SHA1: f30d85dd1810bea597642338653142b9f1f14093
SHA256: 7dbdb73c15410a9d439f49aa0cca0a65c9b5ff8660774892099effa546e943bd
SHA512: d54573a8ddbc99470c76ab68ff842b1ed009803f0d115eee982080e44b451273f979854569202c6b841b3b7deeaa0ae559c01cdcca655e337e16ada58be82b28
SSDEEP: 98304:bQcmbF2xcY2LakGHFA8oMZv1gH7hiS5JRY9gFu9zP3u+dUL+4+f3H4fAaMQGsyhb:bVzcYVkCtdgq5dP3uW023pZl07K
Malware Config

Signatures

Luca Stealer
Info stealer written in Rust, first seen in July 2022.

Lucastealer family

Reads user/profile data of web browsers (3 TTPs)
Infostealers often target stored browser data, which can include saved credentials etc.

Unsecured Credentials: Credentials In Files (1 TTP)
Steal credentials from unsecured files.

Accesses cryptocurrency files/wallets, possible credential harvesting (2 TTPs)

Enumerates connected drives (3 TTPs, 1 IoC)
Attempts to read the root path of hard drives other than the default C: drive.
description: File opened (read-only); ioc: \??\F:; Process: 7dbdb73c15410a9d439f49aa0cca0a65c9b5ff8660774892099effa546e943bd.exe

Looks up external IP address via web service (1 IoC)
Uses a legitimate IP lookup service to find the infected system's external IP.
flow: 11; ioc: ip-api.com

Suspicious behavior: EnumeratesProcesses (6 IoCs)
pid: 1532; Process: 7dbdb73c15410a9d439f49aa0cca0a65c9b5ff8660774892099effa546e943bd.exe (6 identical entries)