Analysis
max time kernel: 3s
max time network: 4s
platform: windows11-21h2_x64
resource: win11-20250313-en
resource tags: arch:x64, arch:x86, image:win11-20250313-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 30/03/2025, 17:30
Static task: static1
Behavioral task: behavioral1
Sample: rust-stealer-xss.exe
Resource: win11-20250313-en
General
Target: rust-stealer-xss.exe
Size: 5.4MB
MD5: 757220d2a9fbe32c7478f27ecbdae5ae
SHA1: e9a6822c498731831da6938c25b15a131bf67dfb
SHA256: f4f5790a9be596d88822e54ed04b257c529955bd71b49e2e1381b6f0bd8acf57
SHA512: fef6d21056aaa768a7ad3558d04d3df9bdcd8dc6911fb397ddc87c4c9a5e756584e8f8d81a19b911440ebfec5b34ca4d57715f559007b4ba9d1b62006a654b94
SSDEEP: 49152:zTLzKrjyznOLlalYWvQhzQk5GwRgEgfTmcD8LneUqm/G7T251qpbWGAxVRwyjSMH:zjykYWQQfwRYC37Vq2NJsSPPDHn+y
Malware Config
Signatures

Luca Stealer
  Info stealer written in Rust, first seen in July 2022.

Lucastealer family

Reads user/profile data of web browsers (3 TTPs)
  Infostealers often target stored browser data, which can include saved credentials etc.

Unsecured Credentials: Credentials In Files (1 TTP)
  Steal credentials from unsecured files.

Accesses cryptocurrency files/wallets, possible credential harvesting (2 TTPs)

Enumerates connected drives (3 TTPs, 1 IoC)
  Attempts to read the root path of hard drives other than the default C: drive.
  description               ioc      Process
  File opened (read-only)   \??\F:   rust-stealer-xss.exe

Legitimate hosting services abused for malware hosting/C2 (1 TTP, 2 IoCs)
  flow   ioc
  7      discord.com
  8      discord.com

Looks up external IP address via web service (1 IoC)
  Uses a legitimate IP lookup service to find the infected system's external IP.
  flow   ioc
  3      ip-api.com

Suspicious behavior: EnumeratesProcesses (6 IoCs)
  pid    Process
  1900   rust-stealer-xss.exe
  1900   rust-stealer-xss.exe
  1900   rust-stealer-xss.exe
  1900   rust-stealer-xss.exe
  1900   rust-stealer-xss.exe
  1900   rust-stealer-xss.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 863KB
MD5: 33174aaec68c0853511f4a220daaa985
SHA1: 9571a729f9cd5ad372e8d4e8a7691a14112e81c3
SHA256: 412cb252909be448d7e30f601c55c9b8a0e0445216b0022c3ca86998e2089aca
SHA512: 3f8df44b0d9bb29709aae981b368d4dd3fb250ceb5a7b876f3b691e2b923b1dcdf45433ea415726c071d5ebbe37467edfc105003b292923933ac92de72d2ad95