lucastealer | 1b73e0f63312bea44a3e1977389c269143f872271903cfc2af98d165bbbcea70 | Triage

Sharing

General

Target

rust-stealer-xss.exe
Size

5.8MB
Sample

250414-vm4d4swscx
MD5

fd40ccbd0970b4d71b70e76f5c04446f
SHA1

e6f414a578294f2577dac6aa0f81ed05fdd2864d
SHA256

1b73e0f63312bea44a3e1977389c269143f872271903cfc2af98d165bbbcea70
SHA512

34cf6d74e6875feaa5f730157ebf1d758dce3e67cff119224c1d5a949f761857dab73953b9f5c98dd3b5143401597526550c74c81288172212908743321f2fa1
SSDEEP

49152:foV9jFtDhCJo454hxfyEqfHYFHFxQRknnNqaTsvNnhhQ9KJpgoWWWA52a43j9xTY:wDFT/bNqaQS9KJpusKI25Un+hW

Score

10^/10

lucastealer credential_access spyware stealer

Malware Config

Targets

- Target
  
  rust-stealer-xss.exe
- Size
  
  5.8MB
- MD5
  
  fd40ccbd0970b4d71b70e76f5c04446f
- SHA1
  
  e6f414a578294f2577dac6aa0f81ed05fdd2864d
- SHA256
  
  1b73e0f63312bea44a3e1977389c269143f872271903cfc2af98d165bbbcea70
- SHA512
  
  34cf6d74e6875feaa5f730157ebf1d758dce3e67cff119224c1d5a949f761857dab73953b9f5c98dd3b5143401597526550c74c81288172212908743321f2fa1
- SSDEEP
  
  49152:foV9jFtDhCJo454hxfyEqfHYFHFxQRknnNqaTsvNnhhQ9KJpgoWWWA52a43j9xTY:wDFT/bNqaQS9KJpusKI25Un+hW
Score

10^/10

lucastealer credential_access spyware stealer
- Luca Stealer
  Info stealer written in Rust first seen in July 2022.
  stealer lucastealer
- Lucastealer family
  lucastealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lucastealercredential_accessspywarestealer