Behavioral task
behavioral1
Sample
01cbda953163d513026ef3b576e671d77daa350222b094283f7c4c79b374068a.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
01cbda953163d513026ef3b576e671d77daa350222b094283f7c4c79b374068a.exe
Resource
win10v2004-20220812-en
General
-
Target
01cbda953163d513026ef3b576e671d77daa350222b094283f7c4c79b374068a.bin
-
Size
15.4MB
-
MD5
3dc5656f3e92921ef629a8217c6306f0
-
SHA1
78a3fd75f594f8cef5899f3e1735c256440eaf6f
-
SHA256
01cbda953163d513026ef3b576e671d77daa350222b094283f7c4c79b374068a
-
SHA512
56b3c65ad3491d5a44bc17dcd5bca18ba6167fea418aa3d0d144c7b583018f990f3d3046e1b73dcd17736e724ce0b0b042401ad8662d744ae77efe763ba68094
-
SSDEEP
98304:yjaYpsAOia3mPa0WOw6PXoKTsmcaoswfdVgiGKDzY1iYKaXP:fYu1E7w6P4ycn7UKD01iYKi
Malware Config
Signatures
-
Luca Stealer payload (1 IoC)
resource: sample; yara_rule: family_lucastealer
Lucastealer family
Files
-
01cbda953163d513026ef3b576e671d77daa350222b094283f7c4c79b374068a.bin.exe windows x64
7c1a215eac498128cb3f420045e020a5
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
ws2_32
setsockopt
getsockopt
WSAIoctl
__WSAFDIsSet
WSASend
send
WSARecv
WSACloseEvent
shutdown
getpeername
getsockname
select
bind
connect
listen
accept
ioctlsocket
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAResetEvent
WSASetEvent
WSAWaitForMultipleEvents
WSAGetLastError
htons
ntohs
socket
WSASetLastError
WSAStartup
recv
WSACleanup
getaddrinfo
freeaddrinfo
htonl
WSAGetOverlappedResult
WSASocketW
closesocket
crypt32
CertGetEnhancedKeyUsage
CertDuplicateCertificateContext
CertDuplicateStore
CertDuplicateCertificateChain
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CryptUnprotectData
secur32
AcquireCredentialsHandleA
ApplyControlToken
EncryptMessage
DeleteSecurityContext
FreeContextBuffer
InitializeSecurityContextW
AcceptSecurityContext
QueryContextAttributesW
LsaEnumerateLogonSessions
LsaGetLogonSessionData
LsaFreeReturnBuffer
FreeCredentialsHandle
DecryptMessage
kernel32
TerminateProcess
GetStdHandle
SetFileInformationByHandle
WakeAllConditionVariable
WakeConditionVariable
CreateMutexA
FindNextFileW
CreateDirectoryW
FindFirstFileW
GetFileInformationByHandleEx
CopyFileExW
ExitProcess
CreateThread
TlsGetValue
TlsSetValue
GetConsoleMode
WriteConsoleW
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
SetFilePointerEx
GetEnvironmentVariableW
GetCurrentDirectoryW
RtlLookupFunctionEntry
RtlCaptureContext
GetCurrentThread
GetCurrentProcess
SwitchToThread
SetThreadStackGuarantee
AddVectoredExceptionHandler
GetLastError
GetUserPreferredUILanguages
GetComputerNameExW
ReleaseSRWLockExclusive
GetModuleHandleW
GetProcAddress
SetHandleInformation
GetCurrentProcessId
SetLastError
FormatMessageW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
SleepEx
QueryPerformanceFrequency
GetSystemDirectoryA
FreeLibrary
GetModuleHandleA
LoadLibraryA
QueryPerformanceCounter
GetTickCount
Sleep
MultiByteToWideChar
WideCharToMultiByte
MoveFileExA
GetEnvironmentVariableA
CloseHandle
WaitForSingleObjectEx
VerSetConditionMask
VerifyVersionInfoW
CreateFileA
GetFileSizeEx
ReadFile
LoadLibraryExW
ReleaseSRWLockShared
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
SystemTimeToFileTime
GetSystemTimeAsFileTime
AcquireSRWLockShared
LocalFree
CancelIoEx
SetFileCompletionNotificationModes
SleepConditionVariableSRW
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
WriteFile
FlushFileBuffers
GetTickCount64
GlobalMemoryStatusEx
OpenProcess
GetProcessHeap
HeapAlloc
HeapFree
GetProcessTimes
VirtualQueryEx
ReadProcessMemory
GetSystemTimes
GetProcessIoCounters
GetSystemInfo
GetDiskFreeSpaceExW
CreateFileW
GetLogicalDrives
GetDriveTypeW
GetVolumeInformationW
DeviceIoControl
WaitForSingleObject
GetFileInformationByHandle
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
GetFileSize
LockFileEx
UnlockFile
HeapDestroy
HeapCompact
LoadLibraryW
HeapReAlloc
DeleteFileW
DeleteFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapSize
HeapValidate
UnmapViewOfFile
GetFileAttributesW
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
GetFullPathNameW
HeapCreate
AreFileApisANSI
InitializeCriticalSection
TryEnterCriticalSection
GetCurrentThreadId
ReleaseMutex
FindClose
advapi32
GetUserNameW
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptCreateHash
LookupAccountSidW
CryptDestroyHash
CryptHashData
RegOpenKeyExW
RegQueryValueExW
OpenProcessToken
GetTokenInformation
ole32
CoTaskMemFree
CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CoSetProxyBlanket
CoUninitialize
oleaut32
SysFreeString
SysAllocString
VariantClear
ntdll
NtQueryInformationProcess
RtlGetVersion
NtQuerySystemInformation
shell32
CommandLineToArgvW
SHGetKnownFolderPath
iphlpapi
FreeMibTable
GetIfEntry2
GetIfTable2
netapi32
NetApiBufferFree
NetUserGetLocalGroups
NetUserEnum
pdh
PdhCloseQuery
PdhRemoveCounter
PdhGetFormattedCounterValue
PdhAddEnglishCounterW
PdhCollectQueryData
PdhOpenQueryA
powrprof
CallNtPowerInformation
gdi32
CreateCompatibleBitmap
GetDIBits
GetDeviceCaps
CreateCompatibleDC
SetStretchBltMode
SelectObject
DeleteObject
DeleteDC
CreateDCW
StretchBlt
GetObjectW
user32
EnumDisplaySettingsExW
EnumDisplayMonitors
GetMonitorInfoW
bcrypt
BCryptGenRandom
psapi
GetModuleFileNameExW
EnumProcessModulesEx
GetPerformanceInfo
vcruntime140
memcpy
memset
memmove
strchr
strrchr
memcmp
strstr
memchr
_CxxThrowException
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
api-ms-win-crt-string-l1-1-0
strspn
strncpy
strcpy
tolower
_strdup
strcmp
wcslen
strcspn
strpbrk
strlen
isupper
strncmp
api-ms-win-crt-math-l1-1-0
__setusermatherr
_dclass
log
api-ms-win-crt-stdio-l1-1-0
__stdio_common_vsprintf
fputc
__acrt_iob_func
fread
fwrite
fopen
_lseeki64
_set_fmode
fgets
fseek
ftell
__p__commode
_close
feof
_read
_write
fflush
fclose
fputs
__stdio_common_vsscanf
_open
api-ms-win-crt-heap-l1-1-0
_set_new_mode
malloc
calloc
_msize
free
realloc
api-ms-win-crt-convert-l1-1-0
atoi
strtoll
strtol
wcstombs
strtoul
api-ms-win-crt-runtime-l1-1-0
_cexit
_set_app_type
_seh_filter_exe
_endthreadex
_configure_narrow_argv
_initterm
_c_exit
_register_thread_local_exe_atexit_callback
__sys_errlist
__sys_nerr
_get_initial_narrow_environment
terminate
_initialize_onexit_table
_initterm_e
exit
__p___argv
_exit
_initialize_narrow_environment
_register_onexit_function
_crt_atexit
_beginthreadex
_errno
__p___argc
api-ms-win-crt-time-l1-1-0
_time64
_localtime64_s
_gmtime64
strftime
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-filesystem-l1-1-0
_stat64
_fstat64
_access
_unlink
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
Sections
.text Size: 11.9MB - Virtual size: 11.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2.5MB - Virtual size: 2.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 124KB - Virtual size: 128KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 863KB - Virtual size: 862KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ