lucastealer | 542f88628a0eadf8c1236ad3252e548d047546d21686979f536b0c7af80fbbfc[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

542f88628a0eadf8c1236ad3252e548d047546d21686979f536b0c7af80fbbfc.zip
Size

8.4MB
MD5

a9df663e612e98ff9b3271583eb4339f
SHA1

0eee60c1ab2fd0b509eff10c4eb50bcefafec142
SHA256

a2b54a56d2eca856449262ddca635a531e629bfcd0fadc8ebad0eff9dad0b8dd
SHA512

80fd2b8a0f392447c6e0894a8c3ecf204429169ce2bda570b24103a56a771340a6989bdb9bcdfd8652c6ebe139084a890381c255d3ea96b4bd336e6b77c42a19
SSDEEP

196608:GayjKjhcDEzrvdK27AmScOjQrEQtEUPx5+tLaYa:ByIW+Tdn7ycaQr4OgFa

Score

10^/10

lucastealer

Malware Config

Signatures

Luca Stealer payload 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/542f88628a0eadf8c1236ad3252e548d047546d21686979f536b0c7af80fbbfc	family_lucastealer

Lucastealer family
lucastealer

Files

542f88628a0eadf8c1236ad3252e548d047546d21686979f536b0c7af80fbbfc.zip
.zip

Password: threatbook
542f88628a0eadf8c1236ad3252e548d047546d21686979f536b0c7af80fbbfc
.exe windows x64

Password: threatbook

84a9459a253c4033cb63b7de589d8d21

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

secur32

LsaGetLogonSessionData
LsaEnumerateLogonSessions
LsaFreeReturnBuffer

kernel32

CreateIoCompletionPort
GetQueuedCompletionStatusEx
InitializeSRWLock
InitializeCriticalSection
InitOnceExecuteOnce
GetTickCount64
SetFileCompletionNotificationModes
SleepConditionVariableSRW
SetHandleInformation
GetCurrentProcessId
WriteFile
GetProcessHeap
HeapAlloc
HeapFree
WaitForSingleObject
GetFileInformationByHandle
RtlVirtualUnwind
FlushFileBuffers
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
GetSystemTimeAsFileTime
GetFileSize
LockFileEx
UnlockFile
HeapDestroy
HeapCompact
LoadLibraryW
GetSystemInfo
HeapReAlloc
DeleteFileW
DeleteFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapSize
HeapValidate
UnmapViewOfFile
GetFileAttributesW
CreateFileW
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
GetFullPathNameW
HeapCreate
AreFileApisANSI
TryEnterCriticalSection
GetCurrentThreadId
PostQueuedCompletionStatus
GlobalMemoryStatusEx
OpenProcess
GetProcessTimes
VirtualQueryEx
ReadProcessMemory
GetSystemTimes
GetProcessIoCounters
GetDiskFreeSpaceExW
GetLogicalDrives
GetDriveTypeW
GetVolumeInformationW
DeviceIoControl
ReleaseMutex
FindClose
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
GetCurrentProcess
GetCurrentThread
RtlCaptureContext
RtlLookupFunctionEntry
GetCurrentDirectoryW
GetEnvironmentVariableW
SetFilePointerEx
DuplicateHandle
GetStdHandle
TerminateProcess
WakeAllConditionVariable
WakeConditionVariable
CreateMutexA
FindNextFileW
CreateDirectoryW
FindFirstFileW
GetFileInformationByHandleEx
CopyFileExW
ExitProcess
CreateThread
TlsGetValue
TlsSetValue
GetConsoleMode
WriteConsoleW
ReleaseSRWLockShared
AcquireSRWLockShared
ReadFile
GetFileSizeEx
CreateFileA
VerifyVersionInfoW
VerSetConditionMask
WaitForSingleObjectEx
GetEnvironmentVariableA
MoveFileExA
WideCharToMultiByte
MultiByteToWideChar
GetTickCount
QueryPerformanceCounter
LoadLibraryA
GetSystemDirectoryA
QueryPerformanceFrequency
SleepEx
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FormatMessageW
LocalFree
GetModuleHandleW
TryAcquireSRWLockExclusive
SystemTimeToFileTime
GetHandleInformation
SetLastError
GetFinalPathNameByHandleW
SetFileInformationByHandle
CloseHandle
GetModuleHandleA
Sleep
FreeLibrary
GetProcAddress
LoadLibraryExW
GetComputerNameExW
GetUserPreferredUILanguages
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetLastError
RaiseException
VirtualQuery

advapi32

GetUserNameW
RegOpenKeyExW
RegCloseKey
SystemFunction036
CryptReleaseContext
CryptAcquireContextA
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
OpenProcessToken
GetTokenInformation
LookupAccountSidW
RegQueryValueExW

ws2_32

WSAStartup
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htons
getsockopt
__WSAFDIsSet
getpeername
connect
select
closesocket
send
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSACleanup
getaddrinfo
freeaddrinfo
accept
htonl
WSASend
listen
ioctlsocket
WSASocketW
shutdown
WSARecv
recvfrom
getsockname
WSAResetEvent
WSASetEvent
WSAWaitForMultipleEvents
WSAGetLastError
recv
bind

crypt32

CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertEnumCertificatesInStore
CertFindCertificateInStore
CertGetEnhancedKeyUsage
CertDuplicateCertificateContext
CertFreeCertificateContext
PFXImportCertStore
CertOpenStore
CryptUnprotectData
CertFreeCertificateChain
CryptDecodeObjectEx
CryptStringToBinaryA
CertCloseStore
CertGetCertificateChain
CertAddCertificateContextToStore

ntdll

NtDeviceIoControlFile
NtQuerySystemInformation
RtlNtStatusToDosError
NtCancelIoFileEx
NtQueryInformationProcess
NtCreateFile
RtlGetVersion

gdi32

DeleteObject
SelectObject
SetStretchBltMode
StretchBlt
CreateCompatibleBitmap
GetDIBits
GetDeviceCaps
DeleteDC
GetObjectW
CreateCompatibleDC
CreateDCW

user32

GetMonitorInfoW
EnumDisplaySettingsExW
EnumDisplayMonitors

oleaut32

VariantClear
SafeArrayDestroy
SafeArrayGetLBound
SysAllocStringLen
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysFreeString
SysAllocString

ole32

CoCreateInstance
CoInitializeEx
CoTaskMemFree
CoUninitialize
CoSetProxyBlanket
CoInitializeSecurity

bcrypt

BCryptGenRandom

shell32

SHGetKnownFolderPath
CommandLineToArgvW

iphlpapi

GetIfEntry2
FreeMibTable
GetIfTable2

netapi32

NetUserGetLocalGroups
NetApiBufferFree
NetUserEnum

pdh

PdhAddEnglishCounterW
PdhRemoveCounter
PdhGetFormattedCounterValue
PdhOpenQueryA
PdhCloseQuery
PdhCollectQueryData

powrprof

CallNtPowerInformation

psapi

GetModuleFileNameExW
GetPerformanceInfo
EnumProcessModulesEx

vcruntime140

__CxxFrameHandler3
memset
memmove
memcmp
strchr
strrchr
strstr
memchr
_CxxThrowException
__C_specific_handler
__current_exception_context
__C_specific_handler_noexcept
__vcrt_GetModuleFileNameW
__vcrt_LoadLibraryExW
__current_exception
memcpy

api-ms-win-crt-string-l1-1-0

strcmp
strcat_s
strcpy_s
strcspn
strspn
strpbrk
strncmp
strlen
isupper
strcpy
tolower
_strdup
wcslen
strncpy

api-ms-win-crt-math-l1-1-0

__setusermatherr
_dclass
log

api-ms-win-crt-stdio-l1-1-0

fgets
fputc
fflush
_open
__stdio_common_vsprintf
_lseeki64
ftell
feof
__stdio_common_vfprintf
__stdio_common_vsscanf
fputs
__acrt_iob_func
fread
fwrite
_set_fmode
__p__commode
fclose
_close
fseek
_write
fopen
_read

api-ms-win-crt-heap-l1-1-0

_msize
_set_new_mode
malloc
calloc
realloc
free

api-ms-win-crt-runtime-l1-1-0

_exit
exit
__sys_errlist
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
__p___argc
_register_onexit_function
_set_app_type
_seh_filter_exe
terminate
_endthreadex
_cexit
_c_exit
_errno
_register_thread_local_exe_atexit_callback
_crt_atexit
_wassert
abort
_initialize_onexit_table
_configure_narrow_argv
_beginthreadex
_initterm_e
__sys_nerr
__p___argv

api-ms-win-crt-convert-l1-1-0

strtoll
strtoul
strtol
atoi
wcstombs

api-ms-win-crt-time-l1-1-0

_localtime64_s
_gmtime64
_time64
strftime

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-filesystem-l1-1-0

_access
_stat64
_fstat64
_unlink

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 19.2MB - Virtual size: 19.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 149KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: threatbook

Password: threatbook

84a9459a253c4033cb63b7de589d8d21

Headers

DLL Characteristics

File Characteristics

Imports

secur32

kernel32

advapi32

ws2_32

crypt32

ntdll

gdi32

user32

oleaut32

ole32

bcrypt

shell32

iphlpapi

netapi32

pdh

powrprof

psapi

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 19.2MB - Virtual size: 19.2MB

.rdata Size: 4.6MB - Virtual size: 4.6MB

.data Size: 149KB - Virtual size: 155KB

.pdata Size: 1.4MB - Virtual size: 1.4MB

.reloc Size: 84KB - Virtual size: 83KB

.text
Size: 19.2MB - Virtual size: 19.2MB

.rdata
Size: 4.6MB - Virtual size: 4.6MB

.data
Size: 149KB - Virtual size: 155KB

.pdata
Size: 1.4MB - Virtual size: 1.4MB

.reloc
Size: 84KB - Virtual size: 83KB