lucastealer | 3c929d7c2dfe5638f93422aa26f6b6ef06624d0f8daa49887db9aac351d7b9d4 | Triage

Submit
Reports

Overview

overview

Static

static

Cryptor.rar

windows10-ltsc 2021-x64

Sharing

General

Target

Cryptor.rar
Size

2.4MB
Sample

241228-f4jzgawlet
MD5

ef9f68af5f34a034d845dad9bdd07ea0
SHA1

3b49d6f588c159edd24f9141d9022e7b48c4ca40
SHA256

3c929d7c2dfe5638f93422aa26f6b6ef06624d0f8daa49887db9aac351d7b9d4
SHA512

22055cb369163c9d2f568597cdfec0d6e966f7c570ee8d7317c51a557cc82359dc20e0eb6db7a75be358fdec7bb3b13e7a18ddc572da962dc9fcf31197898531
SSDEEP

49152:TBYnZhZAnf0ELHn8173pGCxrdqO+MuM4x+OBx4grZO1qiWbvPvQIaa2NQ:dYnZkMqctpRxrdq7Q4trXO1M7Q42NQ

Score

10^/10

lucastealer quasar office04 credential_access execution spyware stealer upx

Static task

static1

office04 upx quasar lucastealer

6 signatures

Behavioral task

behavioral1

Sample

Cryptor.rar

Resource

win10ltsc2021-20241211-en

lucastealer credential_access execution spyware stealer upx

windows10-ltsc 2021-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

127.0.0.1:4782

Mutex

b8be2b57-3322-4df8-967c-65aedf2d425d

Attributes

encryption_key
5871F8D84AF9E4D8F5ABACF2A5DD66E256B5A672
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  Cryptor.rar
- Size
  
  2.4MB
- MD5
  
  ef9f68af5f34a034d845dad9bdd07ea0
- SHA1
  
  3b49d6f588c159edd24f9141d9022e7b48c4ca40
- SHA256
  
  3c929d7c2dfe5638f93422aa26f6b6ef06624d0f8daa49887db9aac351d7b9d4
- SHA512
  
  22055cb369163c9d2f568597cdfec0d6e966f7c570ee8d7317c51a557cc82359dc20e0eb6db7a75be358fdec7bb3b13e7a18ddc572da962dc9fcf31197898531
- SSDEEP
  
  49152:TBYnZhZAnf0ELHn8173pGCxrdqO+MuM4x+OBx4grZO1qiWbvPvQIaa2NQ:dYnZkMqctpRxrdq7Q4trXO1M7Q42NQ
Score

10^/10

lucastealer credential_access execution spyware stealer upx
- Luca Stealer
  Info stealer written in Rust first seen in July 2022.
  stealer lucastealer
- Luca Stealer payload
- Lucastealer family
  lucastealer
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

office04upxquasarlucastealer

behavioral1

lucastealercredential_accessexecutionspywarestealerupx

© 2018-2024

Terms | Privacy