lucastealer | 6e34d044692aeb09f18898680229fe884ba7af3dc6cc42cfa80a687f47ed5768 | Triage

Sharing

General

Target

96509da4c19a7242e73ae867aace3f6896d566073f893b4fc96d7f0932b31657.zip
Size

2.6MB
Sample

250126-aqqxzavpf1
MD5

a814f3db848d8994cb9f7c61ef390bf0
SHA1

9305e2d6ba8ad25e0cfebf4a8d30fa2a4fd9d9ad
SHA256

6e34d044692aeb09f18898680229fe884ba7af3dc6cc42cfa80a687f47ed5768
SHA512

0ae9c97f8398269446f88ccafacd1962c2557481679ba0a55d11a80f15965e798fddcfee9890e866cfb32334db7ed68d93897a5d4dbfffd3fff2efbd1000eb5d
SSDEEP

49152:ncTNKZoHYRIE9q1pMhyBHPFkkxRwCC+9Ey5L3:nWsZ9iR1pkUPhxRNCCEy93

Score

10^/10

lucastealer credential_access spyware stealer

Malware Config

Extracted

Family

lucastealer

C2

https://api.telegram.org/bot5445127247:AAG4B4j8lqlaY8ZmuKVv8PhTM8fpz0VhAaM

Targets

- Target
  
  96509da4c19a7242e73ae867aace3f6896d566073f893b4fc96d7f0932b31657
- Size
  
  5.2MB
- MD5
  
  00b9af585316df9f94e8f64bde659da0
- SHA1
  
  f7115d3c578a675718497faddc372c0dddd036ba
- SHA256
  
  96509da4c19a7242e73ae867aace3f6896d566073f893b4fc96d7f0932b31657
- SHA512
  
  da4eb412e5e741349ad6b9dd0d67f73d45acf55113cae2ddff8b6dce7dd6a59764c1902d8e8c0ef96f9975c9aa2add14233abe204a18a0ee841c9d3a63cd54ad
- SSDEEP
  
  98304:jsa4sNG78UNfaj3AvNA7zGQBpZchIPCe0s+:Qa4hNijQ+7zGQBpZchIPCe1
Score

7^/10

credential_access spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

credential_accessspywarestealer

behavioral2

credential_accessspywarestealer