General
  Target: 6950eb2bd04f9a5d84adb5ac4f5d78b8a76d2beef553e5d1d54b4388f15061e7.zip
  Size: 3.0MB
  Sample: 250308-vbkgvszns8
  MD5: 3b08d741dd94c71484d3f5b195afb808
  SHA1: a588b0c0fd96aafb2b7672ba723b5097c8259484
  SHA256: 8dd2cdf040b50cc04a10861b61c2e74139974df405344bfe833d83798dd4ea54
  SHA512: 1acfb80e5698ba2e567d56fc75899b831c51e18001947dc678204e28dc029f1eef2219319d5d2c154fdf7a4b012daef77c3bc13a94346fed05efa38b4200250c
  SSDEEP: 49152:bX4zWcDcyOO2/Z0AbVTSRQVAJHDvmCwfeptgvlSOzQPyIHD/xx9N1xJ7XIyd6:bXpcDcqPHQVIDv5/olSTyI9xn3JLjk
Behavioral task: behavioral1
  Sample: 6950eb2bd04f9a5d84adb5ac4f5d78b8a76d2beef553e5d1d54b4388f15061e7.exe
  Resource: win7-20240903-en

Behavioral task: behavioral2
  Sample: 6950eb2bd04f9a5d84adb5ac4f5d78b8a76d2beef553e5d1d54b4388f15061e7.exe
  Resource: win10v2004-20250217-en
Malware Config
  Extracted: lucastealer
  https://api.telegram.org/bot5407817511:AAFZnZK5IkmmwWaj3vmtXlZX8y7VlT59v6Q
Targets
  Target: 6950eb2bd04f9a5d84adb5ac4f5d78b8a76d2beef553e5d1d54b4388f15061e7
  Size: 6.0MB
  MD5: febc63e02763cd676b1446b024639b81
  SHA1: 23c29ea38ed641f9926193befb1ac1a8c3e7d4e6
  SHA256: 6950eb2bd04f9a5d84adb5ac4f5d78b8a76d2beef553e5d1d54b4388f15061e7
  SHA512: 93a5e23859db3a29e2a34f6709566a79a1cd2b0f0ad7d6bf4efe34dbdd784e520bc06776e1ea00a13ceba95ac1ee2ea38d0eec4abbed4e15d2a334dc36d8a881
  SSDEEP: 49152:6Y3oQWF4WcPgM4+K2RjJjtE4HAZrGadSZMRPaThP46IPyIcju8HwQKpOlC6Z+Xe:6+5Nri4Uaad5Ml0ojeUEbkJA+Kxh
Score: 10/10

- Lucastealer family
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.