Analysis Overview
SHA256
77737acf7b607545af8db683f21880bdd1a79c5c17e25a8669a51987586ba7ee
Threat Level: Known bad
The file 7dbdb73c15410a9d439f49aa0cca0a65c9b5ff8660774892099effa546e943bd.zip was found to be: Known bad.
Malicious Activity Summary
Luca Stealer
Lucastealer family
Unsecured Credentials: Credentials In Files
Reads user/profile data of web browsers
Looks up external IP address via web service
Accesses cryptocurrency files/wallets, possible credential harvesting
Enumerates connected drives
Unsigned PE
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-12-27 13:55
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-27 13:55
Reported
2024-12-27 13:58
Platform
win7-20240729-en
Max time kernel
120s
Max time network
121s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\7dbdb73c15410a9d439f49aa0cca0a65c9b5ff8660774892099effa546e943bd.exe
"C:\Users\Admin\AppData\Local\Temp\7dbdb73c15410a9d439f49aa0cca0a65c9b5ff8660774892099effa546e943bd.exe"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-12-27 13:55
Reported
2024-12-27 13:58
Platform
win10v2004-20241007-en
Max time kernel
92s
Max time network
144s
Command Line
Signatures
Luca Stealer
Lucastealer family
Reads user/profile data of web browsers
Unsecured Credentials: Credentials In Files
Accesses cryptocurrency files/wallets, possible credential harvesting
Enumerates connected drives
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\7dbdb73c15410a9d439f49aa0cca0a65c9b5ff8660774892099effa546e943bd.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | ip-api.com | N/A | N/A |
Suspicious behavior: EnumeratesProcesses
Processes
C:\Users\Admin\AppData\Local\Temp\7dbdb73c15410a9d439f49aa0cca0a65c9b5ff8660774892099effa546e943bd.exe
"C:\Users\Admin\AppData\Local\Temp\7dbdb73c15410a9d439f49aa0cca0a65c9b5ff8660774892099effa546e943bd.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | www.myip.ch | udp |
| CH | 62.2.148.19:80 | www.myip.ch | tcp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ip-api.com | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| CH | 62.2.148.19:80 | www.myip.ch | tcp |
| N/A | 127.0.0.1:52236 | N/A | tcp |
| N/A | 127.0.0.1:52244 | N/A | tcp |
| US | 8.8.8.8:53 | 19.148.2.62.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.112.95.208.in-addr.arpa | udp |
| N/A | 127.0.0.1:52258 | N/A | tcp |
| CH | 62.2.148.19:80 | www.myip.ch | tcp |
| US | 8.8.8.8:53 | api.telegram.org | udp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| US | 8.8.8.8:53 | 220.167.154.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.129.81.91.in-addr.arpa | udp |