General
-
Target
rust-stealer-xss.exe
-
Size
5.4MB
-
Sample
250330-v48p6awjt7
-
MD5
757220d2a9fbe32c7478f27ecbdae5ae
-
SHA1
e9a6822c498731831da6938c25b15a131bf67dfb
-
SHA256
f4f5790a9be596d88822e54ed04b257c529955bd71b49e2e1381b6f0bd8acf57
-
SHA512
fef6d21056aaa768a7ad3558d04d3df9bdcd8dc6911fb397ddc87c4c9a5e756584e8f8d81a19b911440ebfec5b34ca4d57715f559007b4ba9d1b62006a654b94
-
SSDEEP
49152:zTLzKrjyznOLlalYWvQhzQk5GwRgEgfTmcD8LneUqm/G7T251qpbWGAxVRwyjSMH:zjykYWQQfwRYC37Vq2NJsSPPDHn+y
Malware Config
Targets
-
-
Target
rust-stealer-xss.exe
-
Size
5.4MB
-
MD5
757220d2a9fbe32c7478f27ecbdae5ae
-
SHA1
e9a6822c498731831da6938c25b15a131bf67dfb
-
SHA256
f4f5790a9be596d88822e54ed04b257c529955bd71b49e2e1381b6f0bd8acf57
-
SHA512
fef6d21056aaa768a7ad3558d04d3df9bdcd8dc6911fb397ddc87c4c9a5e756584e8f8d81a19b911440ebfec5b34ca4d57715f559007b4ba9d1b62006a654b94
-
SSDEEP
49152:zTLzKrjyznOLlalYWvQhzQk5GwRgEgfTmcD8LneUqm/G7T251qpbWGAxVRwyjSMH:zjykYWQQfwRYC37Vq2NJsSPPDHn+y
Score10/10-
Luca Stealer
Info stealer written in Rust first seen in July 2022.
-
Lucastealer family
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-