35612c79bde985c957ba521bbc7aa8541c31fb235ca7a91d0ee225f988921eb4 | Triage

Resubmissions

05-02-2025 18:49

250205-xgj5ds1jen 6

05-02-2025 09:29

250205-lgd3lazqe1 6

05-02-2025 07:57

250205-js8p8sypbn 6

04-02-2025 16:25

250204-tww6qa1ray 6

04-02-2025 16:16

250204-tq96dstkcn 10

22-01-2025 11:24

250122-nh5m2svlcr 6

Sharing

General

Target

2025-01-22_21d52d07f0f04e0934011978a85e6a15_avoslocker_luca-stealer
Size

3.3MB
Sample

250205-js8p8sypbn
MD5

21d52d07f0f04e0934011978a85e6a15
SHA1

07647f0eddf46d19e0864624b22236b2cdf561a1
SHA256

35612c79bde985c957ba521bbc7aa8541c31fb235ca7a91d0ee225f988921eb4
SHA512

0338a651fbbbd327dc4fa97f72106db9dafced3226823b2149ec2567745c492c051b9a6a2210ccc0ffc5345a6dad9f3764aeed5cd77562ab6202dd977c59480a
SSDEEP

98304:8KsW1+M5NCnvjZEb9B7Z9B7Gy5p6v8u9B7:81yy2j7Zj7j5p6Rj7

Score

6^/10

discovery persistence

Malware Config

Targets

- Target
  
  2025-01-22_21d52d07f0f04e0934011978a85e6a15_avoslocker_luca-stealer
- Size
  
  3.3MB
- MD5
  
  21d52d07f0f04e0934011978a85e6a15
- SHA1
  
  07647f0eddf46d19e0864624b22236b2cdf561a1
- SHA256
  
  35612c79bde985c957ba521bbc7aa8541c31fb235ca7a91d0ee225f988921eb4
- SHA512
  
  0338a651fbbbd327dc4fa97f72106db9dafced3226823b2149ec2567745c492c051b9a6a2210ccc0ffc5345a6dad9f3764aeed5cd77562ab6202dd977c59480a
- SSDEEP
  
  98304:8KsW1+M5NCnvjZEb9B7Z9B7Gy5p6v8u9B7:81yy2j7Zj7j5p6Rj7
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence