Extracted

• • Target

    2025-01-19_c22e249fd9c13be9782bf4856da3b961_avoslocker_luca-stealer

  • Size

    1.6MB

  • MD5

    c22e249fd9c13be9782bf4856da3b961

  • SHA1

    584e9e7bbdde108fcc6d88b76c2ab27d451b0dea

  • SHA256

    7457038bdf90e1444afeae49fbda4532a2ac3b94197ee08c64906b8c418e3d76

  • SHA512

    77eb55f36df0cff4562617e9bde9b9dc26f4aa18b82205e516edc2c180a071329bf9fa3596f8067bb71742ad58dbade96b19deebe5154ef7556524cdea7324a7

  • SSDEEP

    24576:EBktd5tCfUsfLKX0Jb74GbOXHbTK3sCSTQWMsqjnhMgeiCl7G0nehbGZpbD:E6tFC8oKjfssCSTQW4Dmg27RnWGj

  Score

  10^/10

  conticredential_accessdiscoveryransomwarespywarestealer

  • Conti Ransomware

    Ransomware generally thought to be a successor to Ryuk.

    ransomwareconti

  • Conti family

    conti

  • Renames multiple (8013) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Credentials from Password Stores: Windows Credential Manager

    Suspicious access to Credentials History.

    credential_accessstealer

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops desktop.ini file(s)

  • Drops file in System32 directory

  behavioral1behavioral2