eca457c7e9258b7526c10dda70afb96f7af73718c19c4ede894cc40e56af77fa

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2025 01:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-25_27b2027f92ca66969c3f2449010aba5c_avoslocker_cobalt-strike_luca-stealer.exe
Size

270KB
MD5

27b2027f92ca66969c3f2449010aba5c
SHA1

f4fc8e43ad5d15c3781c7b0812a3663d55c98643
SHA256

eca457c7e9258b7526c10dda70afb96f7af73718c19c4ede894cc40e56af77fa
SHA512

98c6b55170cedc5b1d27cc8775b1d2acd023d20956767bfe3b96cbe88ceb56abe042d575b66539fe7fb11aa43cf5978a3ce66b60534bb638468fbff4692a4689
SSDEEP

6144:tDOnyhORl/hfUStnsjngPq+Ar32coTinSReWYfpuyt4pxdmqxFB:tDIyhORl/pUSNsjngPMr3JoTimYfpuyE

Score

7^/10

discovery spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-01-25_27b2027f92ca66969c3f2449010aba5c_avoslocker_cobalt-strike_luca-stealer.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	2025-01-25_27b2027f92ca66969c3f2449010aba5c_avoslocker_cobalt-strike_luca-stealer.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	2025-01-25_27b2027f92ca66969c3f2449010aba5c_avoslocker_cobalt-strike_luca-stealer.exe

C:\Users\Admin\AppData\Local\Temp\2025-01-25_27b2027f92ca66969c3f2449010aba5c_avoslocker_cobalt-strike_luca-stealer.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-25_27b2027f92ca66969c3f2449010aba5c_avoslocker_cobalt-strike_luca-stealer.exe"
1⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
PID:1192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\tsIppJJq\ZfUfhpMOdD.zip

Filesize
55KB

MD5
51785069ed44d9d91f73ed49e526707c

SHA1
c4c6e75406d9a7e0e56357144e1d5128359b5c32

SHA256
dad8c77a8593f87349f705381bbafb88f3d5570fdb0ee07aa2fa43fe0ad0e235

SHA512
ec0433dd2862f723fa47fcbf9595e8c1a3af4f2e471b2828743998140464c0bca17a0dddd80b5bb7ed7bf02a4f29dc49a873cbf18a5090f3ecc0c8ccdf28dfe5

Download Submit
C:\Users\Admin\AppData\Local\Temp\tsIppJJq\_Files\_Information.txt

Filesize
2KB

MD5
89e7ae6a380ec4f6a7e6295e59945ff4

SHA1
e5d12920e13a5599acef82a110d8bff75040ec96

SHA256
d6c503ccf76290051e7c0e44a5e6f1725fb19a51362a4a41dc4fd0d3a40d2abc

SHA512
ad1b8677aab40fe5fa6fa53fe0ec0a758eabfb3fae4f14dc87a5a6f0f5c5ebfed78fa6360229feb6081b31fdf515ea4707b174cd4f70fcdbf358174f2fd3dc60

Download Submit
C:\Users\Admin\AppData\Local\Temp\tsIppJJq\_Files\_Information.txt

Filesize
7KB

MD5
3a604ca6a3f57d8f5a0d0dd7bbe2e7ef

SHA1
a7c321abed05cbf11a7921d983fec109536dba82

SHA256
a2b72dd7c008061aa0c4e841b8fbb08943f880534a46392e3e58e39746f3c96a

SHA512
8e5d6f24dbcca285ff4d45449cfc7d194287bb605ee05d0a383e90db46bd106d44a3de4af1db030078da9e9e268340bf433ee6e24014bcaf08ebb7acca7fefb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\tsIppJJq\_Files\_Screen_Desktop.jpeg

Filesize
53KB

MD5
f205c7dbced32ce990e12a4eabc24df1

SHA1
ec5ea70c84ede76ce576282842f0409339477916

SHA256
fdca51ced0d8d8c5ef85533a27d9e4b897aae5c7192333ad846a7519e08a7743

SHA512
dec926f1c0a7e6029c29aba86627832416763342669f938098b0e703d350218853d586a3909bbd750a450355a18e9fe3b651819b3ca9c3d9f875481c7ccc132f

Download Submit