lucastealer | 080a25eaeb816aa1f95302c66368cd9cdd91fb77a34b2204faa24dc163eae009[.]bin

Resubmissions

07-09-2022 23:17

220907-29sz8aadhr 10

18-08-2022 16:45

220818-t9l8nshagp 10

03-08-2022 13:06

220803-qcf4lsbda9 1

Sharing

Copy URL

Twitter E-mail

General

Target

080a25eaeb816aa1f95302c66368cd9cdd91fb77a34b2204faa24dc163eae009.bin
Size

4.4MB
MD5

e729382e5cb366e7d1d89705509e6708
SHA1

9d9febc5fff121dc855e8b1d2e54460a59470211
SHA256

080a25eaeb816aa1f95302c66368cd9cdd91fb77a34b2204faa24dc163eae009
SHA512

7d4599843a1698d8e2ce824b08b7158a685ee714c23b16eed156f5be269e0f1d73359d132794db3a20490afe7802f00db0145f7cbc78f7d846412c2eb4130f2a
SSDEEP

49152:6OtCI9wdO1omSA33BD5oqJt2Dp1d2KqzQuZ2Xm+MLBndGkr2IQK0Ue0WG4n65R5/:6OCI9nXjMsKqznN37z4YyDc/

Score

10^/10

lucastealer

Malware Config

Signatures

Luca Stealer payload 1 IoCs

Processes:

resource yara_rule

sample family_lucastealer
Lucastealer family
lucastealer

resource	yara_rule
sample	family_lucastealer

Files

080a25eaeb816aa1f95302c66368cd9cdd91fb77a34b2204faa24dc163eae009.bin
.exe windows x64

37aabed47cd29a2273d7bf74d96393bd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

secur32

LsaGetLogonSessionData
LsaFreeReturnBuffer
LsaEnumerateLogonSessions

kernel32

GetConsoleMode
WaitForSingleObject
WriteConsoleW
GetCurrentDirectoryW
ReleaseMutex
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
RtlCaptureContext
RtlLookupFunctionEntry
GetEnvironmentVariableW
FormatMessageW
GetTempPathW
CreateFileW
DeviceIoControl
GetFullPathNameW
GetFinalPathNameByHandleW
SetFilePointerEx
FindNextFileW
CreateDirectoryW
FindFirstFileW
FindClose
CreateThread
ExitProcess
QueryPerformanceFrequency
QueryPerformanceCounter
GetSystemTimeAsFileTime
AcquireSRWLockShared
SetFileInformationByHandle
CopyFileExW
GetDriveTypeW
GetVolumeInformationW
GetDiskFreeSpaceExW
GetProcessTimes
GetSystemTimes
GetProcessIoCounters
LocalFree
ReadProcessMemory
VirtualQueryEx
OpenProcess
GetTickCount64
GetLogicalDrives
GlobalMemoryStatusEx
PostQueuedCompletionStatus
FlushFileBuffers
GetStdHandle
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
WideCharToMultiByte
SystemTimeToFileTime
GetCurrentProcessId
GetFileSize
LockFileEx
UnlockFile
HeapDestroy
HeapCompact
LoadLibraryW
DeleteFileA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
Sleep
MultiByteToWideChar
HeapSize
HeapValidate
UnmapViewOfFile
GetFileAttributesW
CreateMutexW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
HeapCreate
ReadFile
AreFileApisANSI
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
SetUnhandledExceptionFilter
SetLastError
GetCurrentThread
GetModuleHandleA
SetHandleInformation
DuplicateHandle
GetCurrentProcess
GetFileInformationByHandle
ReleaseSRWLockShared
WakeConditionVariable
GetSystemInfo
SetFileCompletionNotificationModes
CreateIoCompletionPort
GetQueuedCompletionStatusEx
TryAcquireSRWLockExclusive
SleepConditionVariableSRW
SwitchToThread
GetModuleHandleW
HeapReAlloc
HeapFree
GetProcessHeap
HeapAlloc
SetThreadStackGuarantee
AddVectoredExceptionHandler
FreeLibrary
GetProcAddress
LoadLibraryExW
GetComputerNameExW
DeleteFileW
GetFileInformationByHandleEx
GetUserPreferredUILanguages
WakeAllConditionVariable
GetLastError
ReleaseSRWLockExclusive
CloseHandle
AcquireSRWLockExclusive
UnhandledExceptionFilter
RtlVirtualUnwind
GetTickCount
RtlUnwind
GetStringTypeW
TerminateProcess
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
SetStdHandle
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetTimeZoneInformation
GetConsoleOutputCP
ReadConsoleW
GetCommandLineW
GetCommandLineA
GetModuleFileNameW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
RtlPcToFileHeader
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RaiseException
EncodePointer
RtlUnwindEx
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
MoveFileExA
GetSystemDirectoryA
GetFileSizeEx
PeekNamedPipe
GetFileType
SleepEx
InitializeCriticalSectionEx
GetEnvironmentVariableA
VerifyVersionInfoW
WaitForMultipleObjects

advapi32

RegQueryValueExW
SystemFunction036
OpenProcessToken
GetTokenInformation
LookupAccountSidW
GetUserNameW
RegOpenKeyExW
CryptImportKey
CryptEncrypt
CryptDestroyHash
CryptDestroyKey
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA

crypt32

CryptUnprotectData
CertOpenStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFindCertificateInStore
CertCloseStore
CertFreeCertificateContext
CertGetEnhancedKeyUsage

gdi32

CreateDCW
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
SetStretchBltMode
StretchBlt
GetDIBits
GetObjectW
GetDeviceCaps
DeleteObject

user32

EnumDisplayMonitors
GetMonitorInfoW
EnumDisplaySettingsExW

ntdll

NtQueryInformationProcess
VerSetConditionMask
NtQuerySystemInformation
RtlGetVersion
NtDeviceIoControlFile
NtCreateFile
NtCancelIoFileEx
RtlNtStatusToDosError

oleaut32

SafeArrayDestroy
SafeArrayAccessData
SafeArrayGetUBound
SysAllocStringLen
SysFreeString
SafeArrayUnaccessData
SysAllocString
VariantClear
SafeArrayGetLBound

pdh

PdhCloseQuery
PdhRemoveCounter
PdhGetFormattedCounterValue
PdhAddEnglishCounterW
PdhOpenQueryA
PdhCollectQueryData

ws2_32

sendto
WSACloseEvent
getsockname
WSACleanup
WSAStartup
shutdown
getaddrinfo
gethostname
bind
WSASocketW
getsockopt
WSAIoctl
connect
ioctlsocket
send
recvfrom
WSAGetLastError
getpeername
listen
setsockopt
htonl
closesocket
WSASend
freeaddrinfo
accept
select
__WSAFDIsSet
inet_pton
WSASetLastError
socket
ntohs
htons
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
recv

bcrypt

BCryptGenRandom

shell32

CommandLineToArgvW
SHGetKnownFolderPath

ole32

CoInitializeEx
CoUninitialize
CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
CoTaskMemFree

iphlpapi

GetIfEntry2
GetIfTable2
FreeMibTable

netapi32

NetApiBufferFree
NetUserEnum
NetUserGetLocalGroups

powrprof

CallNtPowerInformation

psapi

GetModuleFileNameExW
GetPerformanceInfo
EnumProcessModulesEx

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1021KB - Virtual size: 1020KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

37aabed47cd29a2273d7bf74d96393bd

Headers

DLL Characteristics

File Characteristics

Imports

secur32

kernel32

advapi32

crypt32

gdi32

user32

ntdll

oleaut32

pdh

ws2_32

bcrypt

shell32

ole32

iphlpapi

netapi32

powrprof

psapi

Sections

.text Size: 3.2MB - Virtual size: 3.2MB

.rdata Size: 1021KB - Virtual size: 1020KB

.data Size: 28KB - Virtual size: 35KB

.pdata Size: 108KB - Virtual size: 107KB

_RDATA Size: 512B - Virtual size: 348B

.reloc Size: 28KB - Virtual size: 27KB

.text
Size: 3.2MB - Virtual size: 3.2MB

.rdata
Size: 1021KB - Virtual size: 1020KB

.data
Size: 28KB - Virtual size: 35KB

.pdata
Size: 108KB - Virtual size: 107KB

_RDATA
Size: 512B - Virtual size: 348B

.reloc
Size: 28KB - Virtual size: 27KB